Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22205 PoC — GitLab 代码注入漏洞

Source
https://github.com/whwlsfb/CVE-2021-22205
Associated Vulnerability
Title:GitLab 代码注入漏洞 (CVE-2021-22205)
Description:An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Description
CVE-2021-22205 Gitlab 未授权远程代码执行漏洞 EXP, 移除了对djvumake & djvulibre的依赖,可在win平台使用
Readme
# CVE-2021-22205

> 基于 [mr-r3bot/Gitlab-CVE-2021-22205](https://github.com/mr-r3bot/Gitlab-CVE-2021-22205) 的Fork

## 简介
CVE-2021-22205: Gitlab 未授权远程代码执行漏洞 EXP

移除了对djvumake & djvulibre的依赖,直接内部生成payload,可在win平台执行。


## 使用方法

```shell
# 需要授权
python3 exploit.py -u <username> -p <password> -t <gitlab_url> -c <command>
# 未授权
python3 exploit.py -t <gitlab_url> -c <command>
```
File Snapshot

 [4.0K]  /data/pocs/69d7aa1919be7835185089c8da56ab70a0963c28
├── [3.0K]  exploit.py
└── [ 472]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →