This Metasploit modules exploits unauthenticated REST API requests in GitStack through v2.3.10. The module supports requests for listing users of the application and listing available repositories. Additionally, the module can create a user and add the user to the applications repositories. This Metasploit module has been tested against GitStack v2.3.10.
9c42f5f230d90c174810268b0beac5ce6dae1160eced3fca962ef937bce0e330
This Metasploit module exploits a remote code execution vulnerability that exists in GitStack versions through 2.3.10, caused by an unsanitized argument being passed to an exec function call. This Metasploit module has been tested on GitStack version 2.3.10.
cab234e294c5341ce9967a663c67c38cbd0d00a9c7657d94c2711d9cf5ea275f