Exploitation Summary
EIP tracks 9 public exploits for CVE-2020-10977.
PoCs published by thewhiteh4t, KooroshRZ, vandycknick, including Metasploit module exploits/multi/http/gitlab_file_read_rce.
AI-analyzed exploit summary: This is a Python-based exploit for CVE-2020-10977, an arbitrary file read vulnerability in GitLab versions 12.9.0 and below. It authenticates via the web GUI, creates projects, and leverages issue movement to read arbitrary files.
Description
GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
Exploits (9)
This is a Python-based exploit for CVE-2020-10977, an arbitrary file read vulnerability in GitLab versions 12.9.0 and below. It authenticates via the web GUI, creates projects, and leverages issue movement to read arbitrary files.
This PoC exploits CVE-2020-10977, an arbitrary file read vulnerability in GitLab, by leveraging a path traversal flaw in issue descriptions. It authenticates, creates a project/issue with a malicious file path, and retrieves the file content via a crafted URL.
This repository contains a functional exploit for CVE-2020-10977, which chains an arbitrary file read vulnerability with a deserialization flaw in GitLab's `experimentation_subject_id` cookie to achieve remote code execution. The exploit leverages the file read to extract the Rails `secret_key_base` and then crafts a malicious cookie to execute arbitrary commands.
This is a functional exploit for CVE-2020-10977, targeting GitLab versions 12.4.0 to 12.8.1. It automates user creation, authentication, and leverages a path traversal vulnerability to exfiltrate the `secrets.yml` file, which is then used to forge a malicious session cookie for remote code execution.
This repository contains a functional exploit for CVE-2020-10977, which targets GitLab. The exploit leverages a deserialization vulnerability to achieve remote code execution (RCE) by stealing the `secret_key_base` and crafting a malicious cookie.
This is a functional exploit for CVE-2020-10977, an authenticated arbitrary file read vulnerability in GitLab versions before 12.9.0. It leverages a path traversal in issue descriptions to read local files on the GitLab server.
This exploit leverages a path traversal vulnerability in GitLab's issue attachment handling to read arbitrary files from the server. It creates projects and issues, then moves the issue to trigger the vulnerability, exposing the file content via a crafted URL.
This is a Python-based exploit for CVE-2020-10977, an authenticated arbitrary file read vulnerability in GitLab 12.8.1. It leverages a path traversal flaw in issue descriptions to exfiltrate files from the target system.
This Metasploit module exploits a deserialization vulnerability in GitLab, allowing authenticated users to achieve remote code execution (RCE) by crafting malicious serialized objects. The exploit leverages GitLab's session handling and project management features to execute arbitrary commands.
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N