diff --git a/exploits/ruby/webapps/50888.txt b/exploits/ruby/webapps/50888.txt new file mode 100644 index 000000000..de9ff0160 --- /dev/null +++ b/exploits/ruby/webapps/50888.txt @@ -0,0 +1,17 @@ +# Exploit Title: Gitlab 14.9 - Authentication Bypass +# Date: 12/04/2022 +# Exploit Authors: Greenwolf & stacksmashing +# Vendor Homepage: https://about.gitlab.com/ +# Software Link: https://about.gitlab.com/install +# Version: GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 +# Tested on: Linux +# CVE : CVE-2022-1162 +# References: https://github.com/Greenwolf/CVE-2022-1162 + +A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts. + +Exploit: + +New Gitlab Accounts (created since the first affect version and if Gitlab is before the patched version) can be logged into with the following password: + +123qweQWE!@#000000000 \ No newline at end of file diff --git a/exploits/ruby/webapps/50889.txt b/exploits/ruby/webapps/50889.txt new file mode 100644 index 000000000..443839f0b --- /dev/null +++ b/exploits/ruby/webapps/50889.txt @@ -0,0 +1,19 @@ +# Exploit Title: Gitlab Stored XSS +# Date: 12/04/2022 +# Exploit Authors: Greenwolf & stacksmashing +# Vendor Homepage: https://about.gitlab.com/ +# Software Link: https://about.gitlab.com/install +# Version: GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 +# Tested on: Linux +# CVE : CVE-2022-1175 +# References: https://github.com/Greenwolf/CVE-2022-1175 + +Any user can create a project with Stored XSS in an issue. XSS on Gitlab is very dangerous and it can create personal access tokens leading users who visit the XSS page to silently have the accounts backdoor. + +Can be abused by changing the base of the project to your site, so scripts are sourced by your site. Change javascript on your site to match the script names being called in the page. This can break things on the page though. + +
+
+Standard script include also works depending on the sites CSP policy. This is more stealthy.
+
+
\ No newline at end of file
diff --git a/exploits/windows/local/50883.txt b/exploits/windows/local/50883.txt
deleted file mode 100644
index 836ce762b..000000000
--- a/exploits/windows/local/50883.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-# Exploit Title: 7-zip - Code Execution / Local Privilege Escalation
-# Exploit Author: Kağan Çapar
-# Date: 2020-04-12
-# Vendor homepage: https://www.7-zip.org/
-# Software link: https://www.7-zip.org/a/7z2107-x64.msi
-# Version: 21.07 and all versions
-# Tested On: Windows 10 Pro (x64)
-# References: https://github.com/kagancapar/CVE-2022-29072
-
-# About:
-7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
-
-# Proof of Concept:
-
-
-