CVE-2022-2185 PoC — GitLab 操作系统命令注入漏洞

Source

https://github.com/ESUAdmin/CVE-2022-2185

Associated Vulnerability

Title:GitLab 操作系统命令注入漏洞 (CVE-2022-2185)
Description:A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.

Description

wo ee cve-2022-2185 gitlab authenticated rce

Readme

# CVE-2022-2185
wo ee cve-2022-2185 gitlab authenticated rce

read: https://starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185/

## how to use

First spawn a gitlab instance. Log in, create a group and project with a unique name. Create an access token.

Edit these lines in main.go and compile it:

```go
const importProjectName = "projectwtf"
const runCmd = "/bin/sleep inf"
const proxyTo = "http://localhost:8000/"
```

This mitm runs on `*:8100`. Expose it to the Internet.

Log in to target server. Navigate to create a group - import and enter the local server details. When you are going to import, intercept the request and change it:

- `source_type` to `project_entity`
- `source_full_path` to `your_group/your_project`
- if `destination_namespace` is empty, change it to any non-empty name
- `destination_name` is not empty by design

Pass the modified request to server. Wait 255s to get rce.

Note: the command may be run multiple times.

File Snapshot


 [4.0K]  /data/pocs/4012708c475a5a3e085daa08d716906b23702151
├── [2.1K]  main.go
└── [ 974]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!