CVE-2012-2122 #42
CVE-2012-2122 #42
Conversation
olegbck
left a comment
olegbck
left a comment
There was a problem hiding this comment.
CVE-2012-2122 seems to be working, I see the "Exploit Success!" message. CVE-2021-22205 doesn't work, see my comments.
| dest: /opt/CVE-2021-22205/ | ||
|
|
||
| - name: Load GitLab Docker image | ||
| command: docker load -i /opt/CVE-2021-22205/gitlab-13.10.1.tar |
There was a problem hiding this comment.
Please use built-in commands to access Docker
| command: docker load -i /opt/CVE-2021-22205/gitlab-13.10.1.tar | ||
|
|
||
| - name: Start Docker Compose services | ||
| command: docker compose up -d --build |
There was a problem hiding this comment.
Please use built-in commands to access Docker
|
|
||
| - name: Copy CVE-2021-22205 | ||
| ansible.builtin.copy: | ||
| src: ./data/ |
There was a problem hiding this comment.
We only need to copy poc.py. Otherwise we end up copying gitlab-13.10.1.tar which is 2.6GB. The execution will run longer and create bigger snapshots.
| playbook: ubuntu2.yml | ||
| command: | ||
| - "sleep 180" | ||
| - "python /opt/CVE-2021-22205/poc.py http://ubuntu1:8080 \"touch /tmp/success\"" |
There was a problem hiding this comment.
It shows to me:
2025-01-03 15:47:09,035 - CRITICAL - [main] Command failed: <UnexpectedExit: cmd='python /opt/CVE-2021-22205/poc.py http://ubuntu1:8080 "touch /tmp/success"' exited=1>
| ubuntu1: | ||
| playbook: ubuntu1.yml | ||
| command: | ||
| - "ls /tmp/success" |
There was a problem hiding this comment.
It shows to me:
2025-01-03 15:47:09,178 - CRITICAL - [main] Command failed: <UnexpectedExit: cmd='ls /tmp/success' exited=2>
2 participants
Used to reproduce CVE-2012-2122. Can successfully log into MySQL and execute statements without needing a password.