Golang-CVE-2021-22205-POC

A bare bones CVE-2021-22205 Gitlab RCE POC written in Golang which affects Gitlab CE/EE < 13.10.3 Gitlab CE/EE < 13.9.6 Gitlab CE/EE < 13.8.8.

I've been wanting to learn Golang for a while. I decided to write a POC for CVE-2021-22205 in Golang to help familiarize myself with the language. Please disregard what I am assuming is horribly written code.

Usage: go run CVE-2021-22205.go -t http://127.0.0.1:8080 -c "echo pizza > /tmp/pizza.txt" Where the t flag specifies the target Gitlab instance and the c flag is the command you want to run.

The script is setup to use http://localhost:9090 as a proxy. You'll need to delete that, if you don't want to use a proxy.

A vulnerable docker setup can be found here: https://github.com/vulhub/vulhub/tree/master/gitlab/CVE-2021-22205

CVE Finder Writeup: https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
CVE-2021-22205.go		CVE-2021-22205.go
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Golang-CVE-2021-22205-POC

About

Uh oh!

Releases

Packages

Uh oh!

Languages

pizza-power/Golang-CVE-2021-22205-POC

Folders and files

Latest commit

History

Repository files navigation

Golang-CVE-2021-22205-POC

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages