added references

gitlab/CVE-2021-22205/README.md

@@ -1,4 +1,4 @@
-# GitLab Pre-Auth Remote Commands Execution (CVE-2021-22205)
+# GitLab Pre-Auth Remote Command Execution (CVE-2021-22205)
 
 [中文版本(Chinese version)](README.zh-cn.md)
 

gitlist/CVE-2018-1000533/README.md

@@ -1,11 +1,17 @@
-# GitList 0.6.0 Remote Commands Execution (CVE-2018-1000533)
+# GitList 0.6.0 Remote Command Execution (CVE-2018-1000533)
 
 [中文版本(Chinese version)](README.zh-cn.md)
 
 GitList is an elegant and modern git repository viewer.
 
 GitList version <= 0.6 contains a passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in executing arbitrary commands as PHP user. This attack appear to be exploitable via POST request using search form.
 
+References:
+
+- <https://github.com/klaussilveira/gitlist/commit/87b8c26b023c3fc37f0796b14bb13710f397b322>
+- <https://www.exploit-db.com/exploits/44548>
+- <https://www.leavesongs.com/PENETRATION/escapeshellarg-and-parameter-injection.html>
+
 ## Vulnerable environment
 
 Execute following command to start a GitList server 0.6.0:

gitlist/CVE-2018-1000533/README.zh-cn.md

@@ -2,9 +2,15 @@
 
 gitlist是一款使用PHP开发的图形化git仓库查看工具。在其0.6.0版本及以前，存在一处命令参数注入问题，可以导致远程命令执行漏洞。
 
+参考链接：
+
+- <https://github.com/klaussilveira/gitlist/commit/87b8c26b023c3fc37f0796b14bb13710f397b322>
+- <https://www.exploit-db.com/exploits/44548>
+- <https://www.leavesongs.com/PENETRATION/escapeshellarg-and-parameter-injection.html>
+
 ## 环境搭建
 
-执行如下命令启动漏洞环境：
+执行如下命令启动一个GitList 0.6.0：
 
 ```
 docker compose up -d