GitLab 11.4.7 Remote Code Execution - Real World CTF 2018
Video write-up about the Real World CTF challenge "flaglab" that involved exploiting a gitlab 1day. Actually two CVEs are combined to achieve full remote code execution:
CVE-2018-19571 (SSRF) + CVE-2018-19585 (CRLF) = RCE
flaglab - docker-compose: https://gist.github.com/LiveOverflow/8bf92dd86e5c481fb484af83c64e83b3#file-docker-compose-yml
Release: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
#CTF #CVE
Видео GitLab 11.4.7 Remote Code Execution - Real World CTF 2018 канала LiveOverflow
CVE-2018-19571 (SSRF) + CVE-2018-19585 (CRLF) = RCE
flaglab - docker-compose: https://gist.github.com/LiveOverflow/8bf92dd86e5c481fb484af83c64e83b3#file-docker-compose-yml
Release: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
#CTF #CVE
Видео GitLab 11.4.7 Remote Code Execution - Real World CTF 2018 канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Analysing a Firefox Malware browserassist.dll - FLARE-On 2018Going to Chinese Hacking Competition - Real World CTF FinalsBreaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)Reverse Engineering Obfuscated JavaScriptHacking into Google's Network for $133,337XSS on Google Search - Sanitizing HTML in The Client?Ethereum Smart Contract Hacking - Real World CTF 2018Blind GQL injection and optimised binary search - A7 ~ Gee cue elle (misc) Google CTF 2017Google Paid Me to Talk About a Security Issue!Let’s play a game: what is the deadly bug here?How CPUs Access Hardware - Another SerenityOS ExploitCrazy Steam Phishing PageDEF CON CTF 2018 FinalsSolving a JavaScript crackme: JS SAFE 2.0 (web) - Google CTF 2018Don't trust timeHow To Learn Hacking With CTFsReversing and Cracking first simple Program - bin 0x05XS-Search abusing the Chrome XSS Auditor - filemanager 35c3ctfBasic Windows Reversing and Attacking Weak Crypto - FLARE-On 2018