• Close
  • Back to search

    Gitlist Unauthenticated Remote Command Execution

    This module exploits an unauthenticated remote command execution vulnerability in version 0.4.0 of Gitlist. The problem exists in the handling of an specially crafted file name when trying to blame it.

    Free Metasploit Download

    Get your copy of the world's leading penetration testing tool

     Download Now

    Module Name

    exploit/linux/http/gitlist_exec

    Authors

    • drone
    • Brandon Perry <bperry.volatile [at] gmail.com>

    References

    Targets

    • Gitlist 0.4.0

    Platforms

    • unix

    Architectures

    • cmd

    Reliability

    Development

    Module Options

    To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/linux/http/gitlist_exec msf exploit(gitlist_exec) > show targets ...targets... msf exploit(gitlist_exec) > set TARGET <target-id> msf exploit(gitlist_exec) > show options ...show and set options... msf exploit(gitlist_exec) > exploit