7.5
CVSSv2

CVE-2018-5955

Published: 21/01/2018 Updated: 06/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 843
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in GitStack up to and including 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated malicious user to add a user to the server via the username and password fields to the rest/user/ URI.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

smartmobilesoftware gitstack

Exploits

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Powershell def initialize(info = {}) super(update_info(info, ...
## Vulnerability Summary The following advisory describes an unauthenticated action that allows a remote attacker to add a user to GitStack and then used to trigger an unauthenticated remote code execution GitStack is “a software that lets you setup your own private Git server for Windows This means that you create a leading edge versioning sy ...

Metasploit Modules

GitStack Unauthenticated REST API Requests

This modules exploits unauthenticated REST API requests in GitStack through v2.3.10. The module supports requests for listing users of the application and listing available repositories. Additionally, the module can create a user and add the user to the application's repositories. This module has been tested against GitStack v2.3.10.

msf > use auxiliary/admin/http/gitstack_rest
msf auxiliary(gitstack_rest) > show actions
    ...actions...
msf auxiliary(gitstack_rest) > set ACTION < action-name >
msf auxiliary(gitstack_rest) > show options
    ...show and set options...
msf auxiliary(gitstack_rest) > run
GitStack Unsanitized Argument RCE

This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10.

msf > use exploit/windows/http/gitstack_rce
      msf exploit(gitstack_rce) > show targets
            ...targets...
      msf exploit(gitstack_rce) > set TARGET <target-id>
      msf exploit(gitstack_rce) > show options
            ...show and set options...
      msf exploit(gitstack_rce) > exploit

Github Repositories

GitStackRCE漏洞(CVE-2018-5955)EXP

GitStackRCE GitStackRCE漏洞(CVE-2018-5955)EXP

自研威胁分析框架

ukiwi 自研威胁分析框架 基于静态规则的流量分析 例1 http_req : method == GET ; uri 包含 %252F ,两次 url 解码后包含 / http_resp: status == 200 ; body 包含 root:x:0:0:root:/root:/bin/ info: description: Spring Cloud Config Server 路径穿越与任意文件读取漏洞 cve-2019-3799 protocol: http match: http_req: method: "GET"

TryHackMe-Wreath Wreath Enumeration ⛩\&gt; nmap -p- -sV -sC -v -oA enum --min-rate 4500 --max-rtt-timeout 1500ms --open 10200188200 Nmap scan report for 10200188200 Host is up (018s latency) Not shown: 65530 filtered ports, 1 closed port Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE VERSION 22/tcp open ssh

一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Cerberus 一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安

cerberScan 漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿

hacking tools awesome lists

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx OCaml Objective-C Objective-C++ Others PHP PLSQL P

平常看到好的各种工具的集合

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP ActionScript Arduino Assembly AutoHotkey Batchfile BitBake Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang F# Game Maker Language Go HCL HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Nim OCaml Objective-C Objecti

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android