CVE-2021-22205

This exploit leverages CVE-2021-22205 in GitLab versions before 13.10.3, 13.9.6, and 13.8.8 by crafting a malicious DjVu file that triggers a reverse shell via ExifTool. The payload is sent to a vulnerable GitLab instance, resulting in unauthenticated remote code execution.

This repository contains a functional exploit for CVE-2021-22205, a remote command execution vulnerability in GitLab CE/EE. The exploit leverages improper validation of image files passed to a file parser, allowing arbitrary command execution via a crafted multipart form upload.

This repository contains a functional exploit for CVE-2021-22205, an RCE vulnerability in GitLab affecting versions >=11.9, <13.8.8, >=13.9, <13.9.6, and >=13.10, <13.10.3. The exploit leverages ExifTool's vulnerability to achieve remote code execution via crafted image uploads and out-of-band (OOB) techniques like DNSLog and RequestBin.

This repository contains a functional exploit for CVE-2021-22205, leveraging ExifTool's DjVu metadata parsing vulnerability to achieve unauthenticated RCE on GitLab versions < 13.10.3. The exploit crafts a malicious DjVu file, uploads it as a JPG, and triggers command execution via eval injection in ExifTool.

This repository contains a functional exploit for CVE-2021-22205, targeting GitLab's file upload functionality to achieve remote code execution (RCE). The exploit leverages a crafted multipart/form-data request with a malicious payload embedded in an image file to trigger command execution.

This repository contains a functional exploit for CVE-2021-22205, an unauthenticated remote code execution vulnerability in GitLab. The PoC constructs a malicious file upload request with embedded commands, leveraging a CSRF token to bypass protections and achieve RCE.

This repository contains a functional exploit for CVE-2021-22205, a GitLab RCE vulnerability. The exploit leverages a crafted payload uploaded via the file upload feature to achieve remote code execution, supporting both authenticated and unauthenticated scenarios.

This repository contains a functional exploit for CVE-2021-22205, a GitLab RCE vulnerability. The Go-based tool supports multiple attack modes including detection via DNSLog, RCE via Postbin OOB, reverse shell, and file upload.

This repository contains a functional exploit for CVE-2021-22205, a command injection vulnerability in GitLab's image file parser. The exploit leverages a maliciously crafted DJVU file to execute arbitrary commands, including reverse shell functionality.

This repository contains a functional exploit for CVE-2021-22205, a remote code execution vulnerability in GitLab. The exploit leverages a malicious DJVU file upload to trigger command execution via metadata processing.

This repository contains a functional exploit for CVE-2021-22205, an ExifTool RCE vulnerability in GitLab. The exploit leverages a malicious DjVu file to achieve remote code execution via a reverse shell payload.

This repository contains a functional Go-based exploit for CVE-2021-22205, which leverages an ExifTool vulnerability in GitLab to achieve remote code execution (RCE). The exploit crafts a malicious image file with embedded commands and uploads it to a vulnerable GitLab instance.

This repository contains a functional exploit for CVE-2021-22205, which leverages improper image file validation in GitLab to achieve unauthenticated remote command execution. The exploit crafts a malicious image file with embedded commands and sends it to the GitLab upload endpoint.

This repository provides a functional exploit for CVE-2021-22205, a GitLab RCE vulnerability. It uses crafted DjVu files uploaded via issue attachments to execute arbitrary commands, resulting in a reverse shell.

This repository contains a functional bash-based PoC for CVE-2021-22205, a pre-authentication RCE vulnerability in GitLab. The exploit crafts a malicious ExifTool file and uploads it via a POST request to trigger command execution.

This repository contains a functional bash script that exploits CVE-2021-22205, an arbitrary command execution vulnerability in GitLab. The script crafts a malicious image file with embedded commands and uploads it to a vulnerable GitLab instance, leveraging CSRF tokens and session cookies for authentication bypass.

This repository contains a functional exploit for CVE-2021-22205, a remote command execution vulnerability in GitLab. The script sends a malicious file upload request with embedded commands to trigger RCE on vulnerable GitLab instances.

This repository contains a script to fingerprint GitLab instances for CVE-2021-22205, which is an authentication bypass vulnerability. The script is designed to detect the presence of the vulnerability rather than exploit it.

The repository contains only a minimal README with the CVE identifier and no additional technical details or exploit code. It is a placeholder with no substantive content.

This repository contains a functional exploit for CVE-2021-22205, a remote command execution vulnerability in GitLab CE/EE. The exploit leverages improper image file validation to execute arbitrary commands via a crafted multipart/form-data upload.

This repository provides a Docker-based environment to replicate and test CVE-2021-22205, an ExifTool vulnerability in GitLab EE 13.9.5. It includes a pre-configured vulnerable GitLab instance with necessary dependencies and a dummy network interface setup.

This repository contains a functional exploit for CVE-2021-22205, a remote command execution vulnerability in GitLab CE/EE. The exploit leverages improper image file validation to execute arbitrary commands via a crafted multipart form upload.

This repository contains a functional exploit for CVE-2021-22205, which targets a command injection vulnerability in GitLab's ExifTool integration. The exploit uploads a maliciously crafted DjVu file with embedded commands that are executed on the target system.

This repository contains a functional exploit for CVE-2021-22205, a remote command execution vulnerability in GitLab CE/EE. The exploit leverages improper image file validation to execute arbitrary commands via a crafted multipart form upload.

The repository contains only a README.md file with the CVE identifier and no functional exploit code or technical details. It is a placeholder with minimal content.

This script exploits CVE-2021-22205, a GitLab arbitrary file write vulnerability, by uploading a malicious JPEG file containing a reverse shell payload. The exploit uses a crafted file upload to achieve remote code execution (RCE) on the target system.

This repository contains a functional exploit for CVE-2021-22205, a command injection vulnerability in GitLab. The exploit leverages a crafted DJVU file upload to execute arbitrary commands via DNS exfiltration.

The repository contains only Docker Compose files for setting up GitLab instances with vulnerable and patched versions but lacks any exploit code or technical details. It serves as a minimal setup for testing CVE-2021-22205 but does not demonstrate the vulnerability.

This Metasploit module exploits CVE-2021-22204, an unauthenticated remote command injection vulnerability in GitLab via ExifTool. It uploads a malicious JPEG file with embedded Perl code to achieve RCE as the 'git' user.