Gitlab-Exiftool-RCE

RCE Exploit for Gitlab < 13.10.3

GitLab Workhorse will pass any file to ExifTool. The current bug is in the DjVu module of ExifTool.
Anyone with the ability to upload an image that goes through the GitLab Workhorse could achieve RCE via a specially crafted file

Usage

python3 exploit.py -u root -p root -c "command here" -t http://gitlab.example.com

Environment

Tested on Gitlab 13.10.2 Community Edition
Building your own test environment :

export GITLAB_HOME=/srv/gitlab

sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  gitlab/gitlab-ce:13.10.2-ce.0

Credits

Exploit-DB

https://www.exploit-db.com/exploits/49951

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Gitlab-Exiftool-RCE

Usage

Environment

Credits

Exploit-DB

About

Releases

Packages

Languages

CsEnox/Gitlab-Exiftool-RCE

Folders and files

Latest commit

History

Repository files navigation

Gitlab-Exiftool-RCE

Usage

Environment

Credits

Exploit-DB

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages