GitLab Bulk Import Project Command Injection (CVE-2022-2185)
Usage
Run the fake GitLab server:
python3 api.py
Server is running on port 8800
Set up a proxy server in front of this server.
Modify the target server, the username/password and the FAKE_SERVER variable in the poc.py script.
Run poc.py:
python2 poc.py
Wait for about 5 minutes, after which the command will get executed.