For a university assignment i created two exploits for gitea 1.4.0
The lfs exploit creates a fake object id in the database pointing to private repository files. After that we are able to get the file we are pointing to.
The rce exploit uploads a fake session file into the sessions folder to authenticate as the admin. After that we can execute code by putting our exploit code into a git update hook and triggering it.
Both are based on kacperszurek's gitea exploit :) see -> https://github.com/kacperszurek/exploits/tree/master/Gitea Thanks!