what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Podalirius

Gogs Git Hooks Remote Code Execution

Posted Apr 7, 2021

Authored by Christophe de la Fuente, Podalirius | Site metasploit.com

This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gogs. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gogs web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. No mitigation has been implemented so far (latest stable version is 0.12.3). This module has been tested successfully against version 0.12.3 on docker. Windows version could not be tested since the git hook feature seems to be broken.

tags | exploit, remote, web, code execution

systems | windows

advisories | CVE-2020-15867

SHA-256 | 4e19a5ed4cbfca5897bf97baac1af8eb8a2e38d3a71e67bc5dd454724c8f460d

Download | Favorite | View

Gitea Git Hooks Remote Code Execution

Posted Apr 7, 2021

Authored by Christophe de la Fuente, Podalirius | Site metasploit.com

This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gitea. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gitea web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. It has been mitigated in version 1.13.0 by setting the Gitea DISABLE_GIT_HOOKS configuration setting to true by default. This disables this feature and prevents all users (including admin) from creating custom git hooks. This module has been tested successfully against docker versions 1.12.5, 1.12.6 and 1.13.6 with DISABLE_GIT_HOOKS set to false, and on version 1.12.6 on Windows.

tags | exploit, remote, web, code execution

systems | windows

advisories | CVE-2020-14144

SHA-256 | 777838a8c7aba78aa158817a5091acfd7337de3556b2fc8c26c13ab9c90a1621

Download | Favorite | View

Gitea 1.12.5 Remote Code Execution

Posted Feb 18, 2021

Authored by Podalirius

Gitea version 1.12.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution

SHA-256 | 2e393151dd708e15c61f1611fe9a4ff583e2479ce02c55061ec3edece7a76adc

Download | Favorite | View