[bugbounty] Gitea 1.4.0 Unauthenticated Remote Code Execution.

  • From: Edwin <contact@xxxxxxxxxxxxxx>
  • To: bugbounty@xxxxxxxxxxxxx
  • Date: Sat, 07 Jul 2018 11:56:38 +0200

Hi everyone,

Kacper Szurek has publicly disclosed an unauthenticated remote code execution in Gitea, a self-hosted Git client.

The exploit code can be found here: https://github.com/kacperszurek/exploits/tree/master/Gitea
Google dork: "Gitea Version:" "Page:" "Template:" inurl:/explore/repos

Make sure to add /explore/repos to your path-bruteforce list. You could easily use meg to find Gitea instances in the wild.

$ meg -d 100 -c 200 /explore/repos list.txt
$ grep -Hnri "gitea" out/

You can read up about this issue in more detail here: https://security.szurek.pl/gitea-1-4-0-unauthenticated-rce.html.

- Ed
