3 Videos for Gogs RCE

Tier: PRO
Difficulty: Hard
Duration: 1-2 Hrs.
Users completed: 660
Badge: Green Badge
Access to videos for this exercise is only available with PentesterLab PRO.
CVE-2018-18925 - Introduction

In this video, we explore the CVE-2018-18925 vulnerability as part of the green badge exercise. We delve into the basics of session management, different session storage mechanisms, and how a directory traversal vulnerability in Gogs can be exploited.

Duration: 04:57 | Views: 1420

 

CVE-2018-18925: Exploitation - part 1

In this video, we explore the exploitation of CVE-2018-18925, focusing on issues with session IDs and session file forgery in Gogs. We set up a vulnerable Docker container, configure the service, and extract a valid session for further testing.

Duration: 07:32 | Views: 1727

 

CVE-2018-18925: Exploitation - part 2

In this video, we cover the exploitation of CVE-2018-18925 as part of the Green Badge. We demonstrate how to leverage a directory traversal vulnerability in Gogs to escalate our privileges to an administrator level.

Duration: 07:26 | Views: 1540