关联漏洞
标题:
GitLab 安全漏洞
(CVE-2023-7028)
描述:GitLab是美国GitLab公司的一个开源的端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab 存在安全漏洞,该漏洞源于用户帐户密码重置电子邮件可能会发送到未经验证的电子邮件地址。
描述
Implementation and exploitation of CVE-2023-7028 account takeover vulnerability related to GO-TO CVE weekly articles of the 11th week.
介绍
# CVE-2023-7028_lab
Implementation and exploitation of CVE-2023-7028 account takeover vulnerability related to GO-TO CVE weekly articles of the 11th week.
This repository contains a Docker setup and a Python script to test the CVE-2023-7028 vulnerability in GitLab. The provided script automates the exploitation process.
## Prerequisites
- Docker and Docker Compose installed on your system.
- Basic knowledge of Docker and Python.
## Setup Instructions
### 1. Install Docker
If Docker is not installed on your system, install it using the following commands:
```sh
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo apt-get install docker-compose
```
#### 2. Starting the GitLab container:
following command
```sh
cd CVE-2023-7028
docker-compose up -d
```
### 3. Configure GitLab
Visit http://your-server-ip in your browser and complete the initial GitLab setup.
### 4. Run the Exploit Script
running python-file or open this link --> https://github.com/Vozec/CVE-2023-7028
文件快照
[4.0K] /data/pocs/4ef0f1aca0d51267616341dce837cf355d7a55f5
├── [ 303] docker-compose.yml
├── [8.3K] exploit.py
└── [1022] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。