This exploit targets GitStack 2.3.10, leveraging unauthenticated remote code execution by injecting PHP code into a repository's web interface. It automates user creation, repository setup, and payload delivery via HTTP Basic Auth manipulation.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:GitStack 2.3.10
No auth needed
Prerequisites:Network access to GitStack web interface · GitStack 2.3.10 with default or vulnerable configuration