More info from the DevOoops talk
Remote Code Execution in GitList
background blog post here: http://hatriot.github.io/blog/2014/06/29/gitlist-rce/
P.S. if you don't read that blog, you should :-)
http://www.exploit-db.com/exploits/33929/
MSF module:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/gitlist_exec.rb
Read the blog post for the interesting details.
fun screenies
Manually checking if a site is vulnerable
Fixes:
current stable version 0.5.0 fixes the issue
Remote Code Execution in GitList
background blog post here: http://hatriot.github.io/blog/2014/06/29/gitlist-rce/
P.S. if you don't read that blog, you should :-)
http://www.exploit-db.com/exploits/33929/
MSF module:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/gitlist_exec.rb
Read the blog post for the interesting details.
fun screenies
Manually checking if a site is vulnerable
Backdoor PHP using the python POC
Shell via the metasploit module
I didn't think anyone used this stuff, but its apparently pretty popular
current stable version 0.5.0 fixes the issue