CVE-2022-36804

This Python script exploits CVE-2022-36804, a command injection vulnerability in Atlassian Bitbucket Server and Data Center. It crafts a malicious HTTP request to execute arbitrary commands via the archive endpoint, leveraging improper input validation.

This repository contains a functional exploit for CVE-2022-36804, a remote code execution vulnerability in BitBucket Server and Data Center versions prior to 8.3.1. The exploit leverages a path traversal and command injection flaw in the repository archive endpoint to execute arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2022-36804, targeting Bitbucket Server/DC. The exploit leverages command injection via crafted parameters in the archive endpoint to achieve RCE, SSRF, and file download capabilities.

This repository contains a functional exploit for CVE-2022-36804, a critical command injection vulnerability in Bitbucket Server and Data Center versions before 8.3.1. The exploit automates the discovery of vulnerable repositories and executes arbitrary commands via crafted API requests.

This repository contains a functional exploit for CVE-2022-36804, a Bitbucket Server and Data Center RCE vulnerability. The exploit leverages a command injection flaw in the archive download functionality by manipulating the `prefix` parameter to execute arbitrary commands.

This repository contains a functional Python exploit for CVE-2022-36804, a pre-authentication remote code execution (RCE) vulnerability in Atlassian Bitbucket Server and Data Center. The exploit leverages command injection in multiple API endpoints, demonstrated through a Dockerized vulnerable environment and a Python script that constructs malicious requests to achieve RCE.

This repository contains a functional PoC for CVE-2022-36804, an unauthenticated RCE vulnerability in Bitbucket. The exploit constructs malicious archive URLs with command injection payloads to achieve remote code execution.

This repository provides a functional proof-of-concept exploit for CVE-2022-36804, a command injection vulnerability in Atlassian Bitbucket Server and Data Center. The exploit leverages malicious HTTP requests to execute arbitrary commands via the `git archive` functionality, demonstrated with payloads for RCE and OOB testing.

The repository contains a functional Python script that exploits CVE-2022-36804, a command injection vulnerability in Atlassian Bitbucket. The script automates the process of checking for vulnerable endpoints and executing arbitrary commands via crafted API requests.

The repository contains a functional Python exploit for CVE-2022-36804, targeting Atlassian Bitbucket Server and Data Center. The exploit leverages a command injection vulnerability in the archive endpoint to achieve remote code execution (RCE).

The repository contains no actual exploit code or technical details, only a screenshot and social media links. It appears to be a lure to drive traffic to external platforms rather than providing a legitimate PoC.

This repository contains a functional exploit for CVE-2022-36804, a critical command injection vulnerability in Bitbucket instances. The exploit automates the discovery of vulnerable repositories and executes arbitrary commands, including reverse shell capabilities.

This repository contains only a Docker setup for Bitbucket 7.6.17, likely intended for testing CVE-2022-36804, but lacks any exploit code or technical details.

This repository provides a functional exploit for CVE-2022-36804, a command injection vulnerability in Atlassian Bitbucket Server and Data Center. It includes a Docker-based lab environment, detailed technical analysis, and an exploit script to achieve remote command execution via null-byte argument injection in the Git archive command.

This repository contains a functional Python exploit for CVE-2022-36804, a command injection vulnerability in Atlassian Bitbucket Server and Data Center. The exploit leverages multiple API endpoints to achieve remote code execution (RCE) on vulnerable versions.

This repository contains a functional Python exploit for CVE-2022-36804, a command injection vulnerability in Atlassian Bitbucket Server and Data Center. The exploit constructs a malicious request to the archive API endpoint, allowing remote code execution via command injection.

The repository claims to contain payloads and a full PoC for CVE-2022-36804 (Bitbucket Server/Data Center command injection) but provides no actual exploit code or technical details. The README is vague and lacks depth, resembling a lure for external downloads.

This repository contains a functional exploit for CVE-2022-36804, a critical unauthenticated command injection vulnerability in Bitbucket instances. The exploit automates the discovery of vulnerable repositories and executes arbitrary commands, including reverse shell payloads.

The repository claims to provide a PoC for CVE-2022-36804 but only contains a placeholder Python script that redirects to an external payment link. No actual exploit code or technical details are provided.

This Metasploit module exploits CVE-2022-36804, an unauthenticated command injection vulnerability in Bitbucket Server and Data Center. It leverages NULL byte injection in the `/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/archive` endpoint to execute arbitrary commands via the `git-archive` command.