cve-2020-10977 icon indicating copy to clipboard operation
cve-2020-10977 copied to clipboard

Published 20 hours ago verified publisher icon thewhiteh4t

KeyError: 'data-project-id'

Open mksbcisco opened this issue 4 years ago • 7 comments

[>] Found By : vakzz [ https://hackerone.com/reports/827052 ] [>] PoC By : thewhiteh4t [ https://twitter.com/thewhiteh4t ]

[+] Target : URL [+] Username : USER [+] Password : PASS [+] Project Names : ProjectOne, ProjectTwo

[!] Trying to Login... /ncsrf-token in login func: [+] Login Successful! [!] Creating ProjectOne... [!] Creating ProjectTwo... [>] Absolute Path to File : /etc/passwd [!] Creating an Issue... [-] Status : 404 [-] Failed to Create an Issue! [!] Moving Issue... Traceback (most recent call last): File "/root/rce_gitlab.py", line 273, in move_issue(project_names[0], project_names[1], filename) File "/root/rce_gitlab.py", line 192, in move_issue project_id = body.attrs['data-project-id'] KeyError: 'data-project-id'

mksbcisco avatar Feb 23 '21 14:02 mksbcisco

seems body.attrs has nothing, it seems that it should have a value stored in key 'data-project-id' but nothing is assigned

mksbcisco avatar Feb 23 '21 15:02 mksbcisco

its for 12.8.1 ?

thewhiteh4t avatar Feb 23 '21 17:02 thewhiteh4t

Yes, I finally exploited with metasploit but wanted to use your way

mksbcisco avatar Feb 23 '21 17:02 mksbcisco

I'm also running into this error when running against gitlab 11.6.3

DenverEllis avatar Jul 06 '21 21:07 DenverEllis

Do you sovle this problem?l also meet this bug.

wbzh0u avatar Jul 24 '21 09:07 wbzh0u

@wbzh0u which version?

thewhiteh4t avatar Jul 24 '21 09:07 thewhiteh4t

@wbzh0u哪个版本?

gitlab 8.8.5 not work

killdayu avatar Jul 27 '21 08:07 killdayu