GitList vulnerable to eval hack

GitList, a popular self-hosted git repository viewer, is vulnerable to a very serious bug in its core application. It allows system commands placed in the URL to be evaluated and run by any user able to view its repos.

A common installation on a domain looks like this:

http://example.com/gitlist

It’s easy to spot a vulnerable installation by just looking at the footer: if you see “Powered by GitList”, odds are it’s vulnerable. Non-vulnerable installations usually have the version number in the footer, like “Powered by GitList 0.4.0”.

To exploit this simply find a repo and append a string like the following.

http://example.com/gitlist/someRepoName/blame/master/""`ls -lah`

Afterwards you will see a listing of all the files in the repo directory. ls -lah can be any system command.

This vulnerability was fixed in a later version, but vulnerable installations are still very much out there in the wild. A simple Google search:

"Powered by GitList"

returns thousands of results for people running this software. If you have this somewhere, you must update it.
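One way to check your own web server logs for requests of the kind shown above, as an added example that is not from the original post or the GitList project. It assumes Apache/nginx combined log format; the function name, sample log lines, IP addresses and timestamps are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format (assumed): ip ident user [time] "request" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*?)" (?P<status>\d{3}) ')
# Characters that trigger shell command substitution or chaining.
SHELL_META = re.compile(r'[`;|]|\$\(')

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jul/2014:10:01:02 +0000] "GET /gitlist/someRepoName/blame/master/README.md HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Jul/2014:10:03:44 +0000] "GET /gitlist/someRepoName/blame/master/%22%22%60ls%20-lah%60 HTTP/1.1" 200 2210',
    '198.51.100.7 - - [12/Jul/2014:10:03:59 +0000] "GET /gitlist/someRepoName/blame/master/\\"\\"`ls -lah` HTTP/1.1" 200 2210',
    '192.0.2.10 - - [12/Jul/2014:10:05:00 +0000] "GET /gitlist/someRepoName/tree/master/ HTTP/1.1" 200 900',
]

def suspicious_blame_requests(lines):
    """Return (ip, status, decoded_target) for blame requests carrying shell metacharacters."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = m.group("req").split(" ", 1)
        if len(parts) != 2:
            continue
        # Drop the trailing protocol token; the target itself may contain raw spaces.
        target = re.sub(r" HTTP/[\d.]+$", "", parts[1])
        # Decode twice so double-encoded input (%2560 -> %60 -> `) is still seen.
        decoded = unquote(unquote(target))
        _, sep, arg = decoded.partition("/blame/")
        # Only inspect the path argument after /blame/, not the query string.
        if sep and SHELL_META.search(arg.split("?", 1)[0]):
            hits.append((m.group("ip"), m.group("status"), decoded))
    return hits

if __name__ == "__main__":
    for ip, status, target in suspicious_blame_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

A hit against an installation that has not been updated is worth investigating as possible command execution, not just as scanning noise.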


Polldaddy Votes Hack V2

This software is no longer maintained; there aren’t going to be any updates, from me at least. I’ve released the source code if anyone wants to work on it.

Source code: PolldaddyHack

 

Proof-of-concept:

Seeing as how people were having difficulties using the CLI Polldaddy Hack tool I decided to make a GUI that would make it faster to not only gather the correct Poll answers but to also submit votes faster.

Polldaddy Hack
Polldaddy Hack V2 2013

To use this new tool, just download the zip file and extract the contents. Follow the video below on how to use it.

Download Polldaddy Hack V2