GitLab CE/EE, versions 8.18 up to 11.x prior to 11.3.11, 11.4 prior to 11.4.8, and 11.5 prior to 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
GitLab version 11.4.7 authenticated remote code execution exploit. Original discovery of this issue attributed to Mohin Paramasivam in December of 2020 ...
RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
Gitlab RCE - Remote Code Execution
RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1
LFI for old gitlab versions 10.4 - 12.8.1
This is an exploit for old GitLab versions. This shouldn't work in the wild, but it still seems to be popular in CTFs.
Educational use only. Illegal things are illegal.
CVEs: CVE-2018-19571 (SSRF) + CVE-2018-19585 (CRLF) & CVE-20
GitLab 11.4.7 RCE exploit with different reverse shells. CVE-2018-19571 + CVE-2018-19585
gitlab-RCE-1147
GitLab 11.4.7 CE RCE exploit with different reverse shells
CVE-2018-19571: nvd.nist.gov/vuln/detail/CVE-2018-19571
CVE-2018-19585: nvd.nist.gov/vuln/detail/CVE-2018-19585
Modification of the version from Sam Redmond and Tam Lai Yin in order to learn and practice.
How to use
It is written in python3, as all things should be.
Dependencies:
pip3 i
Gitlab RCE - Remote Code Execution
CVEs: CVE-2018-19571 (SSRF) + CVE-2018-19585 (CRLF) & CVE-2020-10977
Remote code execution against GitLab Community Edition (CE) and Enterprise Edition (EE). It combines an arbitrary file read to extract the Rails secret_key_base, and gains remote code execution with a deserialization vulnerability of a signed experimentation_subject_
GitLab SSRF
This repository is a reproduction of CVE-2018-19571 and shows how, when combined with a CRLF injection exploit, it can lead to remote code execution (RCE).
CVE Details
CVE-2018-19571
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
Setting Up
For this reproduction, we will
Fixed version of the Python script to exploit CVE-2018-19571 and CVE-2018-19585 (GitLab 11.4.7 - Authenticated Remote Code Execution) that is available at https://www.exploit-db.com/exploits/49263 (Python 3.9).
edb-49263-fixed - GitLab 11.4.7 - Authenticated Remote Code Execution
Fixed version of the Python script to exploit CVE-2018-19571 and CVE-2018-19585 (GitLab 11.4.7 - Authenticated Remote Code Execution) that is available at www.exploit-db.com/exploits/49263 (Python 3.9).
Usage
Edit the script and replace the target address there with the actual target address.
Also kee