CVE-2016-9086 PoC — GitLab Directory Traversal Vulnerability

Associated Vulnerability
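Title: GitLab Directory Traversal Vulnerability (CVE-2016-9086)
Description: GitLab is an open-source application built with Ruby on Rails that provides a self-hosted Git (version control system) project repository. It offers features similar to GitHub, such as browsing project file contents, commit history, and bug lists. A directory traversal vulnerability exists in GitLab's 'import/export project' feature because the program does not properly check symbolic links in user-supplied archives. An attacker can exploit this vulnerability to retrieve the contents of arbitrary files. The following versions are affected: GitLab CE and EE 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, and 8.11.0 through 8.11.10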
File Snapshot

# GitLab Arbitrary File Disclosure (CVE-2016-9086) [中文版本(Chinese version)](README.zh-cn.md) GitLab ...