CVE-2018-19571

This repository contains a Python-based exploit for CVE-2018-19571, which targets GitLab 11.4.7 CE. The exploit leverages an SSRF vulnerability combined with Redis command injection to achieve remote code execution (RCE) by creating a malicious project and triggering a reverse shell.

This repository demonstrates CVE-2018-19571, an SSRF vulnerability in GitLab combined with CRLF injection to achieve RCE via Redis and Sidekiq job manipulation.

This is a working exploit for GitLab 11.4.7 that chains SSRF (CVE-2018-19571) and CRLF injection (CVE-2018-19585) to achieve authenticated remote code execution via Redis manipulation. It generates a Python reverse shell and executes it in two stages: download and execution.

This exploit leverages a Redis injection vulnerability in GitLab 11.4.7 to achieve remote code execution by manipulating the project import URL to inject malicious Redis commands, which then execute a reverse shell.

This exploit leverages CVE-2018-19571 and CVE-2018-19585 to achieve RCE in GitLab 11.4.7 by abusing Redis deserialization via a crafted project import URL. It sends a malicious payload to execute a reverse shell.