CVE-2021-22201 PoC — GitLab Security Vulnerability

Source
Associated Vulnerability
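Title: GitLab Security Vulnerability (CVE-2021-22201)
Description: GitLab is a self-hosted Git (version control system) project repository application developed with Ruby on Rails by GitLab, Inc. (USA). It can be used to browse a project's file contents, commit history, bug list, and so on. GitLab CE/EE, affecting all versions starting from 13.9, contains a security vulnerability: a specially crafted import file can read files on the server.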
Description
CVE-2021-22201 Arbitrary file read on GitLab
Readme
# CVE-2021-22201
CVE-2021-22201 Arbitrary file read on GitLab

13.9.0 <= GitLab < 13.9.5

## Usage

**python CVE-2021-22201.py url username password**

![](https://raw.githubusercontent.com/exp1orer/CVE-2021-22201/main/edf814bc-cc66-11eb-9332-a683e7be0e99.png)

## References

[CVE-2021–22201: Arbitrary file read on Gitlab | by Son Nguy3n | Jun, 2021 | tradahacking](https://tradahacking.vn/cve-2021-22201-arbitrary-file-read-on-gitlab-d84d77cd83e3)

[Project import/export API | GitLab](https://docs.gitlab.com/ee/api/project_import_export.html#import-status)

[#1132378 Arbitrary file read during project import](https://hackerone.com/reports/1132378)
File Snapshot

[4.0K] /data/pocs/f5b71bd115faf20c4c42633f1662576a84579acf
├── [ 12K] CVE-2021-22201.py
├── [397K] edf814bc-cc66-11eb-9332-a683e7be0e99.png
└── [ 656] README.md

0 directories, 3 files