CVE-2022-0415

PRO Tier | Easy | 2-4 Hrs.

This course provides an in-depth look at exploiting a remote command execution (RCE) vulnerability in Gogs, a platform for hosting git repositories. Discovered by wuhan005 and documented on huntr.com, this exploit targets the default installation of Gogs when registration is enabled. The key to this vulnerability is the ability to overwrite the .git/config file, which Git normally prevents. However, Gogs allows file uploads without requiring users to use git, and the upload restrictions do not stop an attacker from overwriting the .git/config file.

By adding an element named sshCommand to the git configuration file, an attacker can achieve command execution when a git fetch or git push is executed. To ensure the server's git uses ssh for pushing the uploaded file, the configuration links to a repository that relies on ssh for transport. This exercise illustrates how attackers can combine a file upload and directory traversal to manipulate the behavior of other accessible applications.
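A defender's view of the two conditions described above, as an added example that is not taken from the course or from the Gogs code base: a hypothetical upload-path check that refuses traversal and any path naming the .git directory, and an audit function that lists sshCommand entries in a git config file. The function names and the sample config are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// safeUploadPath (hypothetical helper) reports whether a user-supplied tree
// path stays inside the work tree and never names the .git directory.
func safeUploadPath(userPath string) bool {
	parts := strings.Split(strings.ReplaceAll(userPath, "\\", "/"), "/")
	for _, part := range parts {
		// Trailing dots/spaces are trimmed because some filesystems ignore them.
		name := strings.ToLower(strings.TrimRight(part, ". "))
		if part == ".." || name == ".git" {
			return false
		}
	}
	return strings.Trim(userPath, "/\\") != ""
}

// findSSHCommand returns every sshCommand assignment in a git config text,
// prefixed with its section, so it can be reviewed or alerted on.
func findSSHCommand(config string) []string {
	var hits []string
	section := ""
	sc := bufio.NewScanner(strings.NewReader(config))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") {
			section = strings.ToLower(strings.Trim(line, "[]"))
			continue
		}
		key, value, ok := strings.Cut(line, "=")
		if ok && strings.EqualFold(strings.TrimSpace(key), "sshCommand") {
			hits = append(hits, section+": "+strings.TrimSpace(value))
		}
	}
	return hits
}

func main() {
	// Constructed sample config; the value is a harmless placeholder.
	cfg := "[core]\n\tbare = false\n\tsshCommand = PLACEHOLDER\n[remote \"origin\"]\n\turl = git@example.invalid:a/b.git\n"
	fmt.Println(safeUploadPath("docs/readme.md"), safeUploadPath("a/../.git/config"))
	fmt.Println(findSSHCommand(cfg))
}
```

Running the audit function over the config of every hosted repository gives a quick signal of whether any of them already carries an sshCommand entry.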
