CVE-2020-10977 PoC — GitLab 路径遍历漏洞

Source

https://github.com/JustMichi/CVE-2020-10977.py

Associated Vulnerability

Title:GitLab 路径遍历漏洞 (CVE-2020-10977)
Description:GitLab是美国GitLab公司的一款使用Ruby on Rails开发的、自托管的、Git（版本控制系统）项目仓库应用程序。该程序可用于查阅项目的文件内容、提交历史、Bug列表等。 GitLab（企业版和社区版）12.9之前版本中存在路径遍历漏洞。该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。

Description

authenticated arbitrary file read for Gitlab (CVE-2020-10977)

Readme

# CVE-2020-10977.py
*authenticated arbitrary file read for Gitlab (CVE-2020-10977)*

**usage:** CVE-2020-10977.py [-h] [--verifySSL] [-f FILELIST] host token

Exploit for the gitlab local file inclusion (arbitrary authenticated file read - CVE-2020-10977). modify the variable pullfiles to include all the files you want to get from the host or provide them in a list to the script.

**positional arguments:**
- **host**                  hostname of the gitlab instance, e.g. [https://git.xxx.yyy]
- **token**                 the API access token generated within the gitlab account

**optional arguments:**
- **-h, --help**            show this help message and exit
- **--verifySSL**           use 'cert.pem' in the current working dir to verify the server certificate
- **-f FILELIST, --filelist FILELIST**
                        the relative path to the file containing a list with all files you want to pull via LFE

# Credits
Original Exploit Author: Jasper Rasenberg  
Original Exploit: https://www.exploit-db.com/exploits/49076

File Snapshot


 [4.0K]  /data/pocs/b6f73651cb7d7f2145d6faab4a28b7925618afdb
├── [3.8K]  CVE-2020-10977.py
└── [1.0K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!