BitBucket Tar\../ersal to Remote Code Execution — CVE-2019-3397

Gerard De Las Armas
Jan 18, 2022

I meant to share this two years ago but I didn’t have the time to do so. I created a script that automates the exploitation of the BitBucket Data Center from path traversal to remote code execution. At the time, there were no available exploits so I created one.

Description

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.
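The migration tool unpacks an uploaded archive, and the defensive check is a pre-extraction scan that refuses any entry whose normalised path, symlink target or hard-link target lands outside the destination directory. The block below is an added example, not the author's script or Atlassian's code: it builds a constructed archive in memory (one benign file, one `../` entry, one symlink escaping the root and one file that rides that symlink) and lists the entries a safe importer should reject; the destination path is an assumed placeholder.

```python
import io
import posixpath
import tarfile

DEST = "/srv/bitbucket/migration"   # assumed extraction root for the import (placeholder)


def unsafe_members(tar: tarfile.TarFile, dest: str = DEST) -> list[tuple[str, str]]:
    """(entry name, reason) for each entry that could write outside dest; purely lexical."""
    root = posixpath.normpath(dest)
    symlinks: set[str] = set()                      # symlink entries seen so far (relative to root)
    findings: list[tuple[str, str]] = []

    def escapes(path: str) -> bool:
        return path != root and not path.startswith(root + "/")

    for m in tar.getmembers():
        # join() discards root for an absolute name, so "/etc/x" is caught as well as "../x"
        target = posixpath.normpath(posixpath.join(root, m.name))
        if escapes(target):
            findings.append((m.name, "path escapes destination"))
            continue
        rel = target[len(root):].strip("/").split("/")
        if any("/".join(rel[:i]) in symlinks for i in range(1, len(rel))):
            findings.append((m.name, "path passes through an archive symlink"))
            continue
        if m.issym():                               # symlink targets resolve from the link's directory
            symlinks.add("/".join(rel))
            if escapes(posixpath.normpath(posixpath.join(posixpath.dirname(target), m.linkname))):
                findings.append((m.name, "symlink points outside destination"))
        elif m.islnk() and escapes(posixpath.normpath(posixpath.join(root, m.linkname))):
            findings.append((m.name, "hard link points outside destination"))  # targets are root-relative
    return findings


def build_sample_archive() -> bytes:
    """Constructed archive: a benign file, a traversal entry, an escaping symlink, a file riding it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [("repo/config.xml", b"<ok/>"), ("../../../../tmp/escaped.txt", b"x")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("repo/out")
        link.type, link.linkname = tarfile.SYMTYPE, "../../../.."
        tar.addfile(link)
        tar.addfile(tarfile.TarInfo("repo/out/nested"))
    return buf.getvalue()


def scan(archive: bytes, dest: str = DEST) -> list[tuple[str, str]]:
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        return unsafe_members(tar, dest)
```

Python 3.12's `tarfile` extraction filter (`filter="data"`) enforces comparable rules at extraction time; the scan above lets an importer reject an archive before writing anything.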

Tested On

  • BitBucket Data Center v5.15.0
  • BitBucket Data Center v6.1.1

Demo Video

Source Code
