CVE-2023-7028 PoC — GitLab 安全漏洞

Source

https://github.com/soltanali0/CVE-2023-7028

Associated Vulnerability

Title:GitLab 安全漏洞 (CVE-2023-7028)
Description:GitLab是美国GitLab公司的一个开源的端到端软件开发平台，具有内置的版本控制、问题跟踪、代码审查、CI/CD（持续集成和持续交付）等功能。 GitLab 存在安全漏洞，该漏洞源于用户帐户密码重置电子邮件可能会发送到未经验证的电子邮件地址。

Description

Implementation and exploitation of CVE-2023-7028 account takeover vulnerability related to GO-TO CVE weekly articles of the 11th week.

Readme

# CVE-2023-7028_lab
Implementation and exploitation of CVE-2023-7028 account takeover vulnerability related to GO-TO CVE weekly articles of the 11th week.

This repository contains a Docker setup and a Python script to test the CVE-2023-7028 vulnerability in GitLab. The provided script automates the exploitation process.

## Prerequisites

- Docker and Docker Compose installed on your system.
- Basic knowledge of Docker and Python.

## Setup Instructions

### 1. Install Docker

If Docker is not installed on your system, install it using the following commands:

```sh
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo apt-get install docker-compose
```

#### 2. Starting the GitLab container:

following command

```sh
cd CVE-2023-7028
docker-compose up -d
```
### 3. Configure GitLab
Visit http://your-server-ip in your browser and complete the initial GitLab setup.

### 4. Run the Exploit Script

running python-file or open this link --> https://github.com/Vozec/CVE-2023-7028

File Snapshot


 [4.0K]  /data/pocs/4ef0f1aca0d51267616341dce837cf355d7a55f5
├── [ 303]  docker-compose.yml
├── [8.3K]  exploit.py
└── [1022]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!