Home

Awesome

GitLab-Wiki-RCE

RCE Exploit for Gitlab < 13.9.4

Usage

python3 exploit.py -u root -p password -c "commandhere" -t "http://gitlab.example.com"

Environment

export GITLAB_HOME=/srv/gitlab

sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  gitlab/gitlab-ce:13.9.1-ce.0

Credits

Exploit-db