POC详情: 9b683e54baef768c989c89dc5dba9a10f79d1e11

来源
https://github.com/ph-arm/CVE-2021-22204-Gitlab
关联漏洞
标题: exiftool 代码注入漏洞 (CVE-2021-22204)
描述:exiftool是一个应用软件。使元数据更易于访问。 ExifTool 7.44版本及之前版本存在代码注入漏洞,该漏洞允许在解析恶意图像时任意执行代码。
描述
Modification of gitlab exploit anything under 13.10
介绍
# Gitlab-Exiftool-RCE
Original repos : https://github.com/CsEnox/Gitlab-Exiftool-RCE
Creds to CsEnox.
RCE Exploit for Gitlab < 13.10.3
- GitLab Workhorse will pass any file to ExifTool. The current bug is in the DjVu module of ExifTool.
- Anyone with the ability to upload an image that goes through the GitLab Workhorse could achieve RCE via a specially crafted file

## Usage
```
python3 exploit.py -c "command here" -t http://gitlab.example.com
```

## Environment
- Tested on Gitlab 13.10.2 Community Edition
- Building your own test environment :
```
export GITLAB_HOME=/srv/gitlab

sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  gitlab/gitlab-ce:13.10.2-ce.0
 ```

## Credits
- https://hackerone.com/reports/1154542 : vakzz
- https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html

## Exploit-DB
- https://www.exploit-db.com/exploits/49951
文件快照

 [4.0K]  /data/pocs/9b683e54baef768c989c89dc5dba9a10f79d1e11
├── [2.6K]  exploit.py
└── [1.1K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。