CVE-2022-26133 PoC — Atlassian Bitbucket Data Center 代码问题漏洞

Source

https://github.com/Pear1y/CVE-2022-26133

Associated Vulnerability

Title:Atlassian Bitbucket Data Center 代码问题漏洞 (CVE-2022-26133)
Description:SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.

Description

Atlassian Bitbucket Data Center RCE(CVE-2022-26133) verification.

Readme

# CVE-2022-26133




## 说明

Atlassian Bitbucket Data Center 反序列化漏洞(CVE-2022-26133) 批量验证和利用

![image-20220510141355733](images/image-20220510141355733.png)



## 漏洞验证

![image-20220509202724404](images/image-20220509202724404.png)

批量

```
python3 CVE-2022-26133.py -u http://192.168.110.136:7990 -f target.txt
```



## 漏洞利用

![image-20220511095619698](images/image-20220511095619698.png)

![image-20220511095801769](images/image-20220511095801769.png)

***声明：该工具仅用于合法的，经过授权的渗透测试，公司内部安全检查与研究使用。由于使用本工具带来的不良后果由使用者本人负责。***

File Snapshot


 [4.0K]  /data/pocs/9d6ce11b61fd1c5d0bb5f19d25115426962355e1
├── [ 11K]  CVE-2022-26133.py
├── [4.0K]  images
│   ├── [154K]  image-20220509202724404.png
│   ├── [139K]  image-20220510141355733.png
│   ├── [ 61K]  image-20220511095619698.png
│   └── [185K]  image-20220511095801769.png
└── [ 692]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!