GitLab Bulk Import Project Command Injection (CVE-2022-2185)
Usage
Run the fake GitLab server:
python3 api.py
Server is running on port 8800
Set up a proxy server in front of this server
Modify the target server, username/password and the FAKE_SERVER variable in the poc.py script
Run poc.py:
python2 poc.py
Wait for ~5 minutes and the command will get executed!