Sunday, December 29, 2013

Two exploits added to ExploitHub


I added two Metasploit exploits to the online ExploitHub non-0day exploit store. I am more than open to feature requests or bug reports.

The first abuses an open upload handler that was common across most, if not all, of Orange Themes' WordPress themes. It has been patched, but it is unknown exactly when, and the issue seemed to span many older versions as well.

The second abuses a post-auth remote command execution vuln within GitLab. The vuln is technically present within the gitlab-shell project, which is separate from GitLab itself. I tested the vulnerable version of gitlab-shell with versions 6.4, 6.3, and 6.2 and was able to pop shells on all three. If the admin simply updated GitLab and not gitlab-shell as well, they may still be vulnerable. The patch is available here.

1 comment:

  1. It is a gitlab-shell bug, so you should change the target software from `GitLab` to `gitlab-shell`.
    Also, it was fixed 2 months ago and was mentioned in every upgrade guide for GitLab.
    So if a user has GitLab 6.4 with this issue, it's because he wants it.