CVE-2022-26133 PoC — Atlassian Bitbucket Data Center 代码问题漏洞

Source

https://github.com/ar2o3/CVE-2022-26133

Associated Vulnerability

Title:Atlassian Bitbucket Data Center 代码问题漏洞 (CVE-2022-26133)
Description:SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.

Description

CVE-2022-26133 Exploit

Readme

# CVE-2022-26133
<img src="https://github.com/0xAbbarhSF/CVE-2022-26133/blob/main/download.jpeg">

## Information

#### Description	
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.

#### State ->	PUBLIC
#### Problem Type ->Deserialization of untrusted data


# Installation & Run
* git clone https://github.com/0xAbbarhSF/CVE-2022-26133
* cd CVE-2022-26133
* chmod +x *
* pip2 install parse
* python2 exploit.py

# Contact: - 🕊️ Twitter: [@0xAbbarhSF](https://twitter.com/0xAbbarhSF)
[![Tweet](https://img.shields.io/twitter/url/http/0xAbbarhSF.svg?style=social)](https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fdeveloper.twitter.com%2Fen%2Fdocs%2Ftwitter-for-websites%2Ftweet-button%2Foverview&ref_src=twsrc%5Etfw&text=CMS-Xploiter%20-%20Automated%20Pentest%20Recon%20Scanner%20%400xAbbarhSD&tw_p=tweetbutton&url=https%3A%2F%2Fgithub.com%2F0xAbbarhSF%)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!