CVE-2021-22205 PoC — GitLab 代码注入漏洞

Source

https://github.com/cc3305/CVE-2021-22205

Associated Vulnerability

Title:GitLab 代码注入漏洞 (CVE-2021-22205)
Description:GitLab是美国GitLab公司的一个开源的端到端软件开发平台，具有内置的版本控制、问题跟踪、代码审查、CI/CD（持续集成和持续交付）等功能。 Gitlab Community Edition 存在代码注入漏洞，该漏洞源于图像解析器在处理图像文件时输入验证不正确。以下产品及版本受到影响：:Gitlab Community Edition: 11.9.0, 11.9.1, 11.9.2, 11.9.3, 11.9.4, 11.9.5, 11.9.6, 11.9.7, 11.9.8, 11.9.9, 11

Description

CVE-2021-22205 exploit script

Readme

# CVE-2021-22205 

> Preauth RCE via exiftool on Gitlab CE/EE 

## Summary of the CVE

GitLab uses ExifTool to scan every tiff/jpeg/jpg file to remove any tags that are not whitelisted.
But because ExifTool doesn't use file extensions to determine filetype but it rather uses the content of the file, which allows an attacker to upload any file, rename it to tiff/jpeg/jpg and "abuse" any of the ExifTool supported parsers.
When parsing DjVu files ExifTool evals DjVu annotation tokens to convert C escape sequences.

## Affected Versions

- Gitlab CE/EE >= 11.9 < 13.8.8 
- Gitlab CE/EE >= 13.9 < 13.9.6
- Gitlab CE/EE >= 13.10 < 13.8.8

## Anomalies

Uploads a image file to the server.

## References

- [Original Report - vakzz, Apr 07 2021](https://gitlab.com/gitlab-org/gitlab/-/issues/327121)
- [Github POC - Al1ex, Oct 29 2021](https://github.com/Al1ex/CVE-2021-22205)
- [CVE-details - CVSS Score 10.0](https://www.cvedetails.com/cve/CVE-2021-22205/)

File Snapshot


 [4.0K]  /data/pocs/77698c0baddf535497fc28d849e3a78c0ee93ce4
├── [ 38K]  CVE-2021-22205.py
├── [ 959]  README.md
└── [   9]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!