CVE-2022-2992 PoC — GitLab 注入漏洞

Source

https://github.com/Malwareman007/CVE-2022-2992

Associated Vulnerability

Title:GitLab 注入漏洞 (CVE-2022-2992)
Description:GitLab是美国GitLab公司的一个开源的端到端软件开发平台，具有内置的版本控制、问题跟踪、代码审查、CI/CD（持续集成和持续交付）等功能。 GitLab Community Edition (CE)和GitLab Enterprise Edition (EE) 11.10 到 15.1.6 版本、15.2 系列版本15.2.4 之前版本、 15.3系列版本15.3.2 之前版本存在注入漏洞，该漏洞源于允许经过身份验证的用户通过从 GitHub API 端点导入来实现远程代码执行。

Description

Authenticated Remote Command Execution in Gitlab via GitHub import.

File Snapshot


 [4.0K]  /data/pocs/247574e623b79ed83338239f4782ba81cc1c3de8
├── [4.0K]  data
│   ├── [1.5K]  build.sh
│   ├── [ 288]  docker-compose.yml
│   └── [1.4K]  healthy.sh
├── [1.7K]  exploit.py
├── [1.0K]  LICENSE
├── [1.2K]  payload_gen.rb
├── [4.2K]  Readme.md
└── [4.1K]  server.py

1 directory, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!