We, Tencent Security Xuanwu Lab, have successfully carried out several remote attacks on the most popular git web servers in 2018.
This time we are willing to share our full, in-depth details on this research. In this presentation, we will explain the inner workings of this technique. Multiple 0-days in different git web servers are included in this presentation.
We will also present an in-depth analysis of the attack surfaces in the most popular git web servers, including GitLab, GitHub Enterprise, Gogs and Gitea.
For instance, we exploited a vulnerability in the CI Runner to get into the intranet of GitLab; we have also found several remote code execution (RCE) and server-side request forgery (SSRF) vulnerabilities in Gogs and Gitea.
Finally, we will talk about two attack chains to successfully perform remote code execution on Gogs. To the best of our knowledge, this presentation will be the first to demonstrate these new attack surfaces of git web servers.