Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-18649 PoC — GitLab 输入验证错误漏洞

Source
https://github.com/Snowming04/CVE-2018-18649
Associated Vulnerability
Title:GitLab 输入验证错误漏洞 (CVE-2018-18649)
Description:GitLab是一套利用Ruby on Rails开发的开源应用程序,可实现一个自托管的Git(版本控制系统)项目仓库,它拥有与Github类似的功能,可查阅项目的文件内容、提交历史、Bug列表等。 GitLab(社区版本和企业版)11.2.7之前版本、11.3.8之前的11.3.x版本和11.4.3之前的11.4.x版本中的wiki API存在安全漏洞。远程攻击者可利用该漏洞执行代码。
Description
CVE-2018-18649 EXP
Readme
# CVE-2018-18649
CVE-2018-18649 EXP


EXP 说明见:

[Gitlab Wiki API 远程命令执行漏洞 (CVE-2018-18649)](http://blog.leanote.com/post/snowming/b1a0b71e55c7)
File Snapshot

 [4.0K]  /data/pocs/4fb927c64a9037378448542805ff614ad39dd6ac
├── [3.0K]  exp.py
└── [ 168]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.