what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 56 RSS Feed

Files

Git LFS Clone Command Execution
Posted Aug 31, 2021
Authored by Shelby Pace, Matheus Tavares, Johannes Schindelin | Site metasploit.com

Git clients that support delay-capable clean / smudge filters and symbolic links on case-insensitive file systems are vulnerable to remote code execution while cloning a repository. Usage of clean / smudge filters through Git LFS and a case-insensitive file system changes the checkout order of repository files which enables the placement of a Git hook in the .git/hooks directory. By default, this Metasploit module writes a post-checkout script so that the payload will automatically be executed upon checkout of the repository.

tags | exploit, remote, code execution
advisories | CVE-2021-21300
SHA-256 | e98b3afb62859d7020a7dd7d9fa1db727066effb6fcaf6be5eb8fbff19874b9d

Related Files

GitLab User Enumeration
Posted Sep 1, 2024
Authored by Ben Campbell | Site metasploit.com

The GitLab internal API is exposed unauthenticated on GitLab. This allows the username for each SSH Key ID number to be retrieved. Users who do not have an SSH Key cannot be enumerated in this fashion. LDAP users, e.g. Active Directory users will also be returned. This issue was fixed in GitLab v7.5.0 and is present from GitLab v5.0.0.

tags | exploit
SHA-256 | 71630cfcfed3904689a0ba6bbbfad435b4547e989b51038e7a14ced61cb53df9
GitLab GraphQL API User Enumeration
Posted Sep 1, 2024
Authored by jbaines-r7, mungsul | Site metasploit.com

This Metasploit module queries the GitLab GraphQL API without authentication to acquire the list of GitLab users (CVE-2021-4191). The module works on all GitLab versions from 13.0 up to 14.8.2, 14.7.4, and 14.6.5.

tags | exploit
advisories | CVE-2021-4191
SHA-256 | 37361393f26eabdc1c128ac8137d1d761bdfdcc8e7201453e7e793df6a7c3a27
HTTP Git Scanner
Posted Sep 1, 2024
Authored by Jon Hart, Nixawk | Site metasploit.com

This Metasploit module can detect situations where there may be information disclosure vulnerabilities that occur when a Git repository is made available over HTTP.

tags | exploit, web, vulnerability, info disclosure
SHA-256 | f3fc66ff62ad13f3081bddfba7d9e771214b26ddbd974bf809d56a802a53e08c
GitLab Password Reset Account Takeover
Posted Aug 31, 2024
Authored by h00die, asterion04 | Site metasploit.com

This Metasploit module exploits an account-take-over vulnerability that allows users to take control of a gitlab account without user interaction. The vulnerability lies in the password reset functionality. Its possible to provide 2 emails and the reset code will be sent to both. It is therefore possible to provide the e-mail address of the target account as well as that of one we control, and to reset the password. 2-factor authentication prevents this vulnerability from being exploitable. There is no discernable difference between a vulnerable and non-vulnerable server response. Vulnerable versions include: 16.1 < 16.1.6, 16.2 < 16.2.9, 16.3 < 16.3.7, 16.4 < 16.4.5, 16.5 < 16.5.6, 16.6 < 16.6.4, and 16.7 < 16.7.2.

tags | exploit
advisories | CVE-2023-7028
SHA-256 | 2a079a5ea68c49929249db07a48797389f6a5b63a1ad6670bced19ea343c8ecf
GitStack Unauthenticated REST API Requests
Posted Aug 31, 2024
Authored by Kacper Szurek, Jacob Robles | Site metasploit.com

This Metasploit modules exploits unauthenticated REST API requests in GitStack through v2.3.10. The module supports requests for listing users of the application and listing available repositories. Additionally, the module can create a user and add the user to the applications repositories. This Metasploit module has been tested against GitStack v2.3.10.

tags | exploit
advisories | CVE-2018-5955
SHA-256 | 9c42f5f230d90c174810268b0beac5ce6dae1160eced3fca962ef937bce0e330
GitLab Tags RSS Feed Email Disclosure
Posted Aug 31, 2024
Authored by n00bhaxor, erruquill | Site metasploit.com

An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It is possible to read the user email address via tags feed although the visibility in the user profile has been disabled.

tags | exploit
advisories | CVE-2023-5612
SHA-256 | 62ce2c8280f3e5fc62225b1364f2a471b91cf622a571b2b9ffbd1a00a324ba26
GitLab Authenticated File Read
Posted Aug 31, 2024
Authored by h00die, Vitellozzo, pwnie | Site metasploit.com

GitLab version 16.0 contains a directory traversal for arbitrary file read as the gitlab-www user. This Metasploit module requires authentication for exploitation. In order to use this module, a user must be able to create a project and groups. When exploiting this vulnerability, there is a direct correlation between the traversal depth, and the depth of groups the vulnerable project is in. The minimum for this seems to be 5, but up to 11 have also been observed. An example of this, is if the directory traversal needs a depth of 11, a group and 10 nested child groups, each a sub of the previous, will be created (adding up to 11). Visually this looks like: Group1->sub1->sub2->sub3->sub4->sub5->sub6->sub7->sub8->sub9->sub10. If the depth was 5, a group and 4 nested child groups would be created. With all these requirements satisfied a dummy file is uploaded, and the full traversal is then executed. Cleanup is performed by deleting the first group which cascades to deleting all other objects created.

tags | exploit, arbitrary
advisories | CVE-2023-2825
SHA-256 | 69b07b1cbc660e9b657d46058136f20875b62aea95d13f5799d7b0fd27caa958
Gitea 1.22.0 Cross Site Scripting
Posted Aug 29, 2024
Authored by Catalin Iovita, Alexandru Postolache

Gitea version 1.22.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-6886
SHA-256 | 679d63e8928338a2795080c2e8acf6c63870fd815e5470dd05c9c71ca4c12184
GitLens Git Local Configuration Execution
Posted Apr 23, 2024
Authored by h00die, Paul Gerste | Site metasploit.com

GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10.

tags | exploit, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2023-46944
SHA-256 | b8273beeca3962657f6a9b1d3bfeafcc468090839b20a36ae8bb674024aa42ce
GitLab CE/EE Password Reset
Posted Mar 14, 2024
Authored by Sebastian Kriesten

GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.

tags | exploit
advisories | CVE-2023-7028
SHA-256 | ecc61996fa0e38b05ac70ce2080679b2eaf36720822b04f8d38867b1d69456b3
GitLab 15.3 Remote Code Execution
Posted Apr 3, 2023
Authored by Antonio Francesco Sardella

GitLab version 15.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2022-2884
SHA-256 | 6b39aa9dd2e2a7bec60b18975a9f1d8372e350f6d1ff923d82041ba07d234f5c
GitLab GitHub Repo Import Deserialization Remote Code Execution
Posted Feb 15, 2023
Authored by Heyder Andrade, William Bowling, RedWay Security | Site metasploit.com

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when trying to load a user session, resulting in remote code execution.

tags | exploit, remote, code execution, protocol
advisories | CVE-2022-2992
SHA-256 | 01b86153e9b59cbce82f32a07b24098f2267f0bddf0bec3fcf3243c9d0b7d820
Gitea Git Fetch Remote Code Execution
Posted Nov 17, 2022
Authored by krastanoel, wuhan005, li4n0 | Site metasploit.com

This Metasploit module exploits the Git fetch command in the Gitea repository migration process to allow for remote command execution on the system. This vulnerability affect Gitea versions prior to 1.16.7.

tags | exploit, remote
advisories | CVE-2022-30781
SHA-256 | dba6b158933e4ec6089f6364c6b953e84d8ade82305acdf446dc098ee940e1dd
Gitea 1.16.6 Remote Code Execution
Posted Sep 15, 2022
Authored by krastanoel, wuhan005, li4n0 | Site metasploit.com

This Metasploit module exploits the Git fetch command in Gitea repository migration process that leads to a remote command execution on the system. This vulnerability affects Gitea versions prior to 1.16.7.

tags | exploit, remote
advisories | CVE-2022-30781
SHA-256 | dd896fa69248da44c654b1dacf601582e7c11220a2ca6e9f2bbf86da8fcd544b
Gitlab 14.9 Cross Site Scripting
Posted Apr 26, 2022
Authored by stacksmashing, Greenwolf

Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-1175
SHA-256 | 8cb78a3472e539403d6d39fd3ad3b5fdeb25087820f659a117ceeeb4ad1a58b6
Gitlab 14.9 Authentication Bypass
Posted Apr 26, 2022
Authored by stacksmashing, Greenwolf

Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a bypass vulnerability due to having set a hardcoded password for accounts registered using an OmniAuth provider.

tags | exploit, bypass
advisories | CVE-2022-1162
SHA-256 | b9871a137c86a7af7a3f259af24481816299cde62d5eef695abcb78150bb320f
GitLab 13.10.2 Remote Code Execution
Posted Nov 17, 2021
Authored by Jacob Baines

GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.

tags | exploit, remote, shell, code execution
advisories | CVE-2021-22204, CVE-2021-22205
SHA-256 | a3816f4a73b68abc9aa497e0982428e2bde3d7b0a005094907ca8484d9f39f60
GitLab Unauthenticated Remote ExifTool Command Injection
Posted Nov 4, 2021
Authored by William Bowling, jbaines-r7 | Site metasploit.com

This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user.

tags | exploit, file upload
advisories | CVE-2021-22204, CVE-2021-22205
SHA-256 | 674d3772ec48b70f0ba624c93a36ffde9a6d313b18359aa19702fc270257ff56
Git git-lfs Remote Code Execution
Posted Sep 16, 2021
Authored by Dawid Golunski, jheysel-r7, space-r7 | Site metasploit.com

This Metasploit modules exploits a critical vulnerability in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, which allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker’s malicious repository using a vulnerable Git version control tool.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2020-27955
SHA-256 | aa2d400dab7c8721b2c5166ed34cccd536045aa8292ad9a6b5fb2e07509a8b9e
Gitlab 13.10.2 Remote Code Execution
Posted Jun 4, 2021
Authored by enox

Gitlab version 13.10.2 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | fdd3bf5424a5516bb5299cd43e4d54baa10324040cc743962df9d063321ddcab
Gitlab 13.9.3 Remote Code Execution
Posted Jun 3, 2021
Authored by enox

Gitlab version 13.9.3 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | caf8edec9ec8c7e7c6f9952908afef2e43a89a4f0838ce4fa452b92c75110fc9
GitLab Community Edition (CE) 13.10.3 User Enumeration
Posted May 3, 2021
Authored by 4D0niiS

GitLab Community Edition (CE) version 13.10.3 suffers from multiple user enumeration vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 5d420382a54e49ae96ced981f0727ae390e51d108048932dd69d45374578bae6
GitHub Missing Audit Logging
Posted Apr 28, 2021
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Release functionality on GitHub.com allows modification of assets within a release by any project collaborator. This can occur after the release is published, and without notification or audit logging accessible in the UI to either the project owners or the public.

tags | exploit
SHA-256 | a9d09c7f970e183298b90b8052e3412ba79d05b1448bd2d0c9c5ff3dfc4ead5b
Gitea Git Hooks Remote Code Execution
Posted Apr 7, 2021
Authored by Christophe de la Fuente, Podalirius | Site metasploit.com

This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gitea. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gitea web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. It has been mitigated in version 1.13.0 by setting the Gitea DISABLE_GIT_HOOKS configuration setting to true by default. This disables this feature and prevents all users (including admin) from creating custom git hooks. This module has been tested successfully against docker versions 1.12.5, 1.12.6 and 1.13.6 with DISABLE_GIT_HOOKS set to false, and on version 1.12.6 on Windows.

tags | exploit, remote, web, code execution
systems | windows
advisories | CVE-2020-14144
SHA-256 | 777838a8c7aba78aa158817a5091acfd7337de3556b2fc8c26c13ab9c90a1621
Gitea 1.12.5 Remote Code Execution
Posted Feb 18, 2021
Authored by Podalirius

Gitea version 1.12.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 2e393151dd708e15c61f1611fe9a4ff583e2479ce02c55061ec3edece7a76adc
Page 1 of 3
Back123Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close