Vulnerability & Exploit Database

Back to search

Gitlab-shell Code Execution

This module takes advantage of the addition of authorized ssh keys in the gitlab-shell functionality of Gitlab. Versions of gitlab-shell prior to 1.7.4 used the ssh key provided directly in a system call resulting in a command injection vulnerability. As this relies on adding an ssh key to an account, valid credentials are required to exploit this vulnerability.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/http/gitlab_shell_exec

Authors

  • Brandon Knight

References

Targets

  • Linux
  • Linux (x64)
  • Unix (CMD)
  • Python

Platforms

  • linux
  • unix
  • python

Architectures

  • x86
  • x64
  • cmd
  • python

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/http/gitlab_shell_exec msf exploit(gitlab_shell_exec) > show targets ...targets... msf exploit(gitlab_shell_exec) > set TARGET <target-id> msf exploit(gitlab_shell_exec) > show options ...show and set options... msf exploit(gitlab_shell_exec) > exploit