Unauthenticated RCE on Gitlab version < 13.10.3

Unauthenticated RCE exploit for gitlab version < 13.10.3

For educational/research purpose only. Use at your own risk

Root cause:

# convert C escape sequences (allowed in quoted text)
$tok = eval qq{"$tok"};

Credits

Usage

Need install djvumake & djvulibre to work

Install djvulibre ( if you haven't installed it yet)

sudo apt-get install -y djvulibre-bin

Run exploit

python3 exploit.py -t <gitlab_url> -c <command>

Tested on version 13.10.1-ce.0