CVE-2020-10977 PoC — GitLab 路径遍历漏洞

Source

https://github.com/JustMichi/CVE-2020-10977.py

Associated Vulnerability

Title:GitLab 路径遍历漏洞 (CVE-2020-10977)
Description:GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.

Description

authenticated arbitrary file read for Gitlab (CVE-2020-10977)

Readme

# CVE-2020-10977.py
*authenticated arbitrary file read for Gitlab (CVE-2020-10977)*

**usage:** CVE-2020-10977.py [-h] [--verifySSL] [-f FILELIST] host token

Exploit for the gitlab local file inclusion (arbitrary authenticated file read - CVE-2020-10977). modify the variable pullfiles to include all the files you want to get from the host or provide them in a list to the script.

**positional arguments:**
- **host**                  hostname of the gitlab instance, e.g. [https://git.xxx.yyy]
- **token**                 the API access token generated within the gitlab account

**optional arguments:**
- **-h, --help**            show this help message and exit
- **--verifySSL**           use 'cert.pem' in the current working dir to verify the server certificate
- **-f FILELIST, --filelist FILELIST**
                        the relative path to the file containing a list with all files you want to pull via LFE

# Credits
Original Exploit Author: Jasper Rasenberg  
Original Exploit: https://www.exploit-db.com/exploits/49076

File Snapshot


 [4.0K]  /data/pocs/b6f73651cb7d7f2145d6faab4a28b7925618afdb
├── [3.8K]  CVE-2020-10977.py
└── [1.0K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!