Remote Code Execution on Git.imgur-dev.com

Disclosed: 2017-04-16 17:19:46 By orange To imgur
Critical
Vulnerability Details
Hi, Imgur Security Team: I just found that your GitHub Enterprise Server (https://git.imgur-dev.com/) wasn't patched to the latest version (2.8.7). And there is a Rails static key that leads to an RCE vulnerability! You can see the PoC in my screenshots :)
Report Stats
  • Report ID: 206227
  • State: Closed
  • Substate: resolved
  • Upvotes: 119