CVE-2022-30781 PoC — Gitea Security Vulnerability

Associated Vulnerability
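Title: Gitea Security Vulnerability (CVE-2022-30781)
Description: Gitea is a lightweight Git service written in Go and maintained by the Gitea community. Gitea version 1.16.7 has a security vulnerability that stems from the git fetch remote not being escaped.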
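The description above attributes the flaw to an unescaped `git fetch` remote. The following is an added example of a general defence for that class of bug, not Gitea's code or its actual patch: validate the remote before it reaches git and place `--` in front of it so it cannot be parsed as an option. The function name, the scheme allowlist and the sample values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// allowedSchemes is an assumed policy for this example, not Gitea's configuration.
var allowedSchemes = map[string]bool{"https": true, "http": true, "ssh": true}

// SafeFetchArgs (hypothetical helper) validates an untrusted remote and refspec
// and returns the argv for "git fetch". The "--" marks the end of options, so a
// value that slipped past validation is still treated as a positional argument.
func SafeFetchArgs(remote, refspec string) ([]string, error) {
	for _, v := range []string{remote, refspec} {
		if v == "" || strings.HasPrefix(v, "-") {
			return nil, errors.New("value is empty or would be parsed as an option")
		}
		if strings.ContainsAny(v, "\x00\r\n\t ") {
			return nil, errors.New("value contains whitespace or control characters")
		}
	}
	// Only absolute URLs with an allowlisted scheme and a host are accepted.
	u, err := url.Parse(remote)
	if err != nil || u.Host == "" || !allowedSchemes[u.Scheme] {
		return nil, errors.New("remote is not an absolute URL with an allowed scheme")
	}
	// Pass the slice to exec.Command("git", args...); never build a shell string.
	return []string{"fetch", "--", remote, refspec}, nil
}

func main() {
	// Constructed sample inputs: one acceptable remote and two that must be refused.
	samples := []string{
		"https://git.example.com/e99/exp.git",
		"--constructed-option=value",
		"file:///srv/repos/exp.git",
	}
	for _, r := range samples {
		args, err := SafeFetchArgs(r, "refs/pull/1/head")
		fmt.Printf("%q -> args=%q err=%v\n", r, args, err)
	}
}
```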
Description
🍵 Gitea repository migration remote command execution exploit.
Readme
# 🍵 CVE-2022-30781
Gitea repository migration remote command execution exploit.

## How to use

1. Run an HTTP filesystem server with the files in this repository.
2. Edit the command to be executed in `api/v1/repos/e99/exp/pulls/1/index.html L96`.
3. Migrate remote repository with URL `http://<your_host>/e99/exp` on the Gitea instance.
4. Pwnned!

## Reference

https://tttang.com/archive/1607/ (Chinese)

## Credit

[@wuhan005](https://github.com/wuhan005) [@Li4n0](https://github.com/li4n0) from Vidar-Team

**This repository is only for security research/teaching purposes, use at your own risk!**
File Snapshot

[4.0K]  /data/pocs/93f5c25f7c16502134b019b2dd7885212d3249b6
├── [4.0K]  api
│   └── [4.0K]  v1
│       ├── [4.0K]  repos
│       │   └── [4.0K]  e99
│       │       └── [4.0K]  exp
│       │           ├── [1.9K]  index.html
│       │           ├── [4.0K]  issues
│       │           │   └── [4.0K]  1
│       │           │       ├── [4.0K]  comments
│       │           │       │   └── [   2]  index.html
│       │           │       └── [4.0K]  reviews
│       │           │           └── [   2]  index.html
│       │           ├── [4.0K]  pulls
│       │           │   ├── [4.0K]  1
│       │           │   │   └── [4.0K]  reviews
│       │           │   │       └── [   2]  index.html
│       │           │   └── [6.9K]  index.html
│       │           └── [4.0K]  topics
│       │               └── [  13]  index.html
│       ├── [4.0K]  settings
│       │   └── [4.0K]  api
│       │       └── [ 116]  index.html
│       └── [4.0K]  version
│           └── [  21]  index.html
└── [ 610]  README.md

16 directories, 9 files