Bitbucket Environment Variable Remote Command Injection
For various versions of Bitbucket, there is an authenticated command
injection vulnerability that can be exploited by injecting environment variables into a user name. This module achieves remote code execution as
the atlbitbucket user by injecting the GIT_EXTERNAL_DIFF environment
variable, a null character as a delimiter, and arbitrary code into a
user's user name. The value (payload) of the GIT_EXTERNAL_DIFF environment variable will be run once the Bitbucket application is coerced into
generating a diff. This Metasploit module requires at least admin
credentials, as admins and above only have the option to change their user name.
https://packetstormsecurity.com/files/171369/bitbucket_env_var_rce.rb.txt
Thu, 16 Mar 2023 14:56:51 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com (2:467/4.444)