Gogs < 0.13.3 - Local Code Execution via PutContents API Symbolic Link Handling
Title source: llm
Exploitation Summary
CVE-2025-8110 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 12, 2026. EIP tracks 19 public exploits from researchers including rxerium, XiaomingX, zAbuQasem. A Nuclei detection template is also available.
AI-analyzed exploit summary
This repository contains a Nuclei template for detecting Gogs instances vulnerable to CVE-2025-8110, a symlink bypass vulnerability leading to RCE. It checks the version via the login page and flags versions <= 0.13.3 as vulnerable.
Description
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
Exploits (19)
This repository contains a Nuclei template for detecting Gogs instances vulnerable to CVE-2025-8110, a symlink bypass vulnerability leading to RCE. It checks the version via the login page and flags versions <= 0.13.3 as vulnerable.
This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The PoC includes data extraction logic for admin credentials and password hashes.
This PoC exploits CVE-2025-8110 in Gogs by creating a malicious repository with a symlink to .git/config, then injecting a reverse shell command via the SSH command directive. The exploit chain involves user registration, token generation, repository creation, and payload delivery.
This repository contains a functional exploit for CVE-2025-8110, a symlink path-traversal vulnerability in Gogs ≤ 0.13.3. The exploit authenticates to a Gogs instance, creates a repository, pushes a symlink named 'authorized_keys' pointing to the target OS user's SSH authorized_keys file, and writes an attacker-controlled SSH public key through the symlink to achieve remote code execution.
This repository contains a functional exploit for CVE-2025-8110, demonstrating remote code execution in Gogs via malicious Git hooks. The exploit includes a malicious post-receive hook and a Python script to simulate pushing a repository with the hook.
This is a detailed technical writeup for the HackTheBox machine 'Silentium', which chains three CVEs (CVE-2025-58434, CVE-2025-59528, and CVE-2025-8110) to achieve full system compromise. It includes step-by-step exploitation details, code snippets, and technical analysis of each vulnerability.
This repository contains a functional Python exploit for CVE-2025-8110, targeting Gogs v0.13.3. The exploit chains authentication, symlink creation, and API abuse to achieve remote code execution via a malicious `.git/config` file.
This repository contains a functional exploit for CVE-2025-8110, a Remote Code Execution vulnerability in Gogs. The exploit leverages a symlink manipulation flaw in the file-update API to overwrite the `.git/config` file with a malicious `sshCommand`, resulting in RCE when Gogs performs an SSH operation.
This repository contains a functional Python exploit for CVE-2025-8110, which achieves remote code execution in Gogs by abusing a symlink bypass to overwrite `.git/config` and inject a malicious `sshCommand`. The exploit automates the entire attack chain, including authentication, repository creation, symlink upload, and payload delivery.
This repository contains a functional exploit for CVE-2025-8110, a Remote Code Execution (RCE) vulnerability in Gogs. The exploit leverages symlink manipulation and git config injection to execute arbitrary commands via malicious `sshCommand` directives.
This repository contains a functional exploit for CVE-2025-8110, a symlink traversal vulnerability in Gogs <= 0.13.3. The exploit leverages the PutContents API to overwrite arbitrary files via symlinks, leading to RCE through multiple strategies (SSH keys, crontab, sshCommand, git hooks).
This exploit leverages CVE-2025-8110 in Gogs by creating a malicious repository with a symlink to the .git/config file, then abusing the API to overwrite it with a reverse shell payload. The script automates registration, authentication, token retrieval, repository creation, and payload delivery.
This repository contains a functional Python exploit for CVE-2025-8110 in Gogs, which achieves RCE by abusing the `PutContents` API to overwrite the `.git/config` file via a symlink, injecting a malicious `sshCommand` to trigger a reverse shell.
This repository contains a functional exploit for CVE-2025-8110, an authenticated remote code execution vulnerability in Gogs v0.13.3. The exploit leverages a symlink attack to overwrite a Git hook with a reverse shell payload, achieving RCE when triggered.
This repository contains a functional Python exploit for CVE-2025-8110, which leverages a symlink bypass in Gogs' PutContents API to overwrite the .git/config file and achieve remote code execution (RCE). The exploit automates the attack chain, including user registration, API token retrieval, repository creation, symlink manipulation, and payload delivery.
This repository contains a functional exploit for CVE-2025-8110, targeting Gogs via a symlink bypass to overwrite .git/config and inject a malicious sshCommand for RCE. The PoC automates repository creation, symlink upload, and payload delivery to achieve a reverse shell.
This repository contains a functional exploit for CVE-2025-8110, which leverages a symlink traversal vulnerability in Gogs' PutContents API to achieve arbitrary file write and RCE. The exploit automates the process of registering a user, creating a repository, pushing a symlink, and writing arbitrary content to sensitive files.
The repository contains a Nuclei template for detecting CVE-2025-8110 in Gogs versions <= 0.13.3 by checking the version and login page. The README is misleading and pushes external downloads, but the YAML file is a legitimate detection scanner.
This repository contains a functional exploit for CVE-2025-8110, a symlink file overwrite vulnerability in Gogs 0.13.2. The exploit leverages the PutContents API to overwrite arbitrary files via symbolic links, leading to remote code execution (RCE) by manipulating Git configuration files.
Nuclei Templates (1)
http.title:"Sign In - Gogs"
References (9)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H