Загрузка страницы
Все видеоНовые видеоПопулярные видеоКатегории видео

GitLab 11.4.7 Remote Code Execution - Real World CTF 2018

Video write-up about the Real World CTF challenge "flaglab" that involved exploiting a gitlab 1day. Actually two CVEs are combined to achieve full remote code execution:

CVE-2018-19571 (SSRF) + CVE-2018-19585 (CRLF) = RCE

flaglab - docker-compose: https://gist.github.com/LiveOverflow/8bf92dd86e5c481fb484af83c64e83b3#file-docker-compose-yml
Release: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

#CTF #CVE

Видео GitLab 11.4.7 Remote Code Execution - Real World CTF 2018 канала LiveOverflow
Показать
Комментарии отсутствуют
Введите заголовок:

Введите адрес ссылки:

Введите адрес видео с YouTube:

Зарегистрируйтесь или войдите с
Информация о видео
21 апреля 2019 г. 16:38:17
00:14:03
LiveOverflow
Теги
Правообладателям
Жалоба
Комментарии
Другие видео канала
Analysing a Firefox Malware browserassist.dll - FLARE-On 2018Analysing a Firefox Malware browserassist.dll - FLARE-On 2018Going to Chinese Hacking Competition - Real World CTF FinalsGoing to Chinese Hacking Competition - Real World CTF FinalsBreaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)Reverse Engineering Obfuscated JavaScriptReverse Engineering Obfuscated JavaScriptHacking into Google's Network for $133,337Hacking into Google's Network for $133,337XSS on Google Search - Sanitizing HTML in The Client?XSS on Google Search - Sanitizing HTML in The Client?Ethereum Smart Contract Hacking - Real World CTF 2018Ethereum Smart Contract Hacking - Real World CTF 2018Blind GQL injection and optimised binary search - A7 ~ Gee cue elle (misc) Google CTF 2017Blind GQL injection and optimised binary search - A7 ~ Gee cue elle (misc) Google CTF 2017Google Paid Me to Talk About a Security Issue!Google Paid Me to Talk About a Security Issue!Let’s play a game: what is the deadly bug here?Let’s play a game: what is the deadly bug here?How CPUs Access Hardware - Another SerenityOS ExploitHow CPUs Access Hardware - Another SerenityOS ExploitCrazy Steam Phishing PageCrazy Steam Phishing PageDEF CON CTF 2018 FinalsDEF CON CTF 2018 FinalsSolving a JavaScript crackme: JS SAFE 2.0 (web) - Google CTF 2018Solving a JavaScript crackme: JS SAFE 2.0 (web) - Google CTF 2018Don't trust timeDon't trust timeHow To Learn Hacking With CTFsHow To Learn Hacking With CTFsReversing and Cracking first simple Program - bin 0x05Reversing and Cracking first simple Program - bin 0x05XS-Search abusing the Chrome XSS Auditor - filemanager 35c3ctfXS-Search abusing the Chrome XSS Auditor - filemanager 35c3ctfBasic Windows Reversing and Attacking Weak Crypto - FLARE-On 2018Basic Windows Reversing and Attacking Weak Crypto - FLARE-On 2018
Статистика портала
Яндекс.Метрика
© 2008-2024 «Информационно-развлекательный портал города Верхняя Салда»
| Карта портала | Реклама | Контакты | Сообщить об ошибке | Соглашения
salda.ws salda.ws@mail.ru
Сейчас на сайте: 512 Статистика портала