
CVE-2021-22205 PoC — GitLab code injection vulnerability

Source
Associated Vulnerability
Title: GitLab code injection vulnerability (CVE-2021-22205)
Description:An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Description
CVE-2021-22205 exploit script
Readme
# CVE-2021-22205 

> Preauth RCE via exiftool on Gitlab CE/EE 

## Summary of the CVE

GitLab runs ExifTool over every uploaded tiff/jpeg/jpg file to strip any metadata tags that are not on its allow list.
ExifTool does not trust the file extension; it detects the format from the file's content. An attacker can therefore take a file of any ExifTool-supported format, rename it to .tiff/.jpeg/.jpg, and have GitLab hand it to that format's parser.
When parsing DjVu files, ExifTool passed annotation tokens through Perl eval to convert C escape sequences (the underlying ExifTool bug is CVE-2021-22204), so a crafted annotation string executes attacker-supplied Perl on the GitLab server. Because the upload endpoint accepts the file before authentication, the result is pre-auth remote code execution.
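The two facts above (format is decided by content, and the DjVu annotation text reaches eval) suggest what an upload path should check before invoking a metadata stripper. The following is an added example, not code from the PoC repository, GitLab or ExifTool: it rejects uploads whose real container does not match the declared extension, and it parses a single-page DjVu container to pull out its plain-text annotation chunks and flag ones carrying Perl interpolation syntax. It assumes the public DjVu layout (an IFF `AT&TFORM` header, a `DJVU` form, uncompressed `ANTa` annotation chunks); the set of characters treated as suspicious is a heuristic chosen for this example, and the sample files are constructed inline.

```python
"""Content-vs-extension check for image uploads, plus a DjVu annotation scan.

Added example, not code from the PoC repository or from GitLab/ExifTool.
Assumes the public DjVu container layout (IFF "AT&TFORM" header, "DJVU"
form, plain-text "ANTa" annotation chunks). PERL_INTERP is a heuristic
chosen for this example.
"""
import struct
from typing import Iterator, List, Tuple

JPEG_SOI = b"\xff\xd8\xff"                 # JPEG start-of-image marker
TIFF_MAGIC = (b"II*\x00", b"MM\x00*")      # little-/big-endian TIFF headers
DJVU_MAGIC = b"AT&TFORM"                   # IFF container used by DjVu

EXT_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "tif": "tiff", "tiff": "tiff"}

# Heuristic (assumption for this example): characters that let Perl interpolate
# or execute code if an annotation token ever reaches eval().
PERL_INTERP = set("$@`{}")


def sniff(data: bytes) -> str:
    """Identify the container from its leading bytes, as ExifTool does."""
    if data.startswith(JPEG_SOI):
        return "jpeg"
    if data.startswith(TIFF_MAGIC):
        return "tiff"
    if data.startswith(DJVU_MAGIC):
        return "djvu"
    return "unknown"


def declared_type(filename: str) -> str:
    """Map the file extension to the type the uploader claims to be sending."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return EXT_TO_TYPE.get(ext, "unknown")


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Accept only when the extension is allowed AND the content agrees with it."""
    declared, actual = declared_type(filename), sniff(data)
    if declared == "unknown":
        return False, "extension not allowed: %s" % filename
    if actual != declared:
        return False, "content is %s, extension says %s" % (actual, declared)
    return True, "ok"


def iff_chunks(body: bytes) -> Iterator[Tuple[bytes, bytes]]:
    """Yield (id, data) per IFF chunk: big-endian length, data padded to even size."""
    pos = 0
    while pos + 8 <= len(body):
        cid = body[pos:pos + 4]
        (length,) = struct.unpack(">I", body[pos + 4:pos + 8])
        yield cid, body[pos + 8:pos + 8 + length]
        pos += 8 + length + (length & 1)


def djvu_annotations(data: bytes) -> List[bytes]:
    """Return the plain-text ANTa annotation chunks of a single-page DjVu file.

    Multi-page DJVM bundles and BZZ-compressed ANTz chunks are not handled here.
    """
    if len(data) < 16 or not data.startswith(DJVU_MAGIC):
        return []
    (form_len,) = struct.unpack(">I", data[8:12])
    if data[12:16] != b"DJVU":
        return []
    return [chunk for cid, chunk in iff_chunks(data[16:12 + form_len]) if cid == b"ANTa"]


def suspicious_annotation(annotation: bytes) -> bool:
    """Flag annotation text carrying characters meaningful to Perl eval."""
    return any(ch in PERL_INTERP for ch in annotation.decode("latin-1"))


def build_djvu(annotation: bytes) -> bytes:
    """Construct a minimal single-page DjVu file with one ANTa chunk (test input only)."""
    chunk = b"ANTa" + struct.pack(">I", len(annotation)) + annotation
    chunk += b"\x00" * (len(annotation) & 1)          # IFF pads odd-length chunks
    form_body = b"DJVU" + chunk
    return DJVU_MAGIC + struct.pack(">I", len(form_body)) + form_body


# Constructed samples: a JPEG header, a harmless DjVu, and a DjVu whose
# annotation carries Perl interpolation syntax (no real command included).
BENIGN_JPEG = JPEG_SOI + b"\xe0\x00\x10JFIF\x00"
BENIGN_DJVU = build_djvu(b'(metadata (Author "alice"))')
HOSTILE_DJVU = build_djvu(b'(metadata (Author "x${y}"))')

if __name__ == "__main__":
    for name, blob in [("photo.jpg", BENIGN_JPEG), ("photo.jpg", HOSTILE_DJVU)]:
        print(name, sniff(blob), check_upload(name, blob))
    for ann in djvu_annotations(HOSTILE_DJVU):
        print("annotation:", ann, "suspicious:", suspicious_annotation(ann))
```

The extension/content mismatch check alone would have stopped the renamed-DjVu trick described above, regardless of which ExifTool parser was buggy; the annotation scan is only useful as a detection signal over files that have already been accepted, since compressed ANTz chunks and bundled documents need the full format handled.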

## Affected Versions

- Gitlab CE/EE >= 11.9 < 13.8.8
- Gitlab CE/EE >= 13.9 < 13.9.6
- Gitlab CE/EE >= 13.10 < 13.10.3

## Anomalies

Uploads an image file to the server.

## References

- [Original Report - vakzz, Apr 07 2021](https://gitlab.com/gitlab-org/gitlab/-/issues/327121)
- [Github POC - Al1ex, Oct 29 2021](https://github.com/Al1ex/CVE-2021-22205)
- [CVE-details - CVSS Score 10.0](https://www.cvedetails.com/cve/CVE-2021-22205/)
File Snapshot

[4.0K] /data/pocs/77698c0baddf535497fc28d849e3a78c0ee93ce4
├── [ 38K] CVE-2021-22205.py
├── [ 959] README.md
└── [   9] requirements.txt

0 directories, 3 files