Рет қаралды 149,008
Video write-up about the Real World CTF challenge "flaglab" that involved exploiting a gitlab 1day. Actually two CVEs are combined to achieve full remote code execution:
CVE-2018-19571 (SSRF) + CVE-2018-19585 (CRLF) = RCE
flaglab - docker-compose: gist.github.com/LiveOverflow/...
Release: about.gitlab.com/2018/11/28/s...
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Website: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
#CTF #CVE