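Related vulnerability
Title: GitLab security vulnerability (CVE-2023-7028)
Description: GitLab is an open-source, end-to-end software development platform from the US company GitLab, with built-in version control, issue tracking, code review, and CI/CD (continuous integration and continuous delivery). GitLab contains a security vulnerability in which user account password reset emails may be sent to an unverified email address.
Description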
Python Code for Exploit Automation CVE-2023-7028
Introduction
## CVE-2023-7028:
CVE-2023-7028 Exploitation Tool
## Description:
This Python script automates the exploitation of a hypothetical security vulnerability (CVE-2023-7028) on GitLab instances. It facilitates password reset attacks on specified target email addresses, demonstrating a potential security risk. The tool supports command-line options for GitLab URL, target email, and optional parameters, with enhancements for handling multiple URLs and emails from a file. Note: This script is intended for educational purposes only and should not be used for unauthorized or malicious activities.
## Features:
- Automated CVE-2023-7028 exploitation on GitLab
- Password reset attack with CSRF token retrieval
## Usage:
```bash
python script.py -u <GitLab URL> -t <Target email> [-e <Evil email>] [-p <Password>]
```
Contributions are welcome! Please follow the guidelines outlined in the CONTRIBUTING.md file.
File snapshot
[4.0K] /data/pocs/a28f358401f06963a94bdb295b5717e2042d4ca4
├── [1.0K] LICENSE
├── [ 915] README.md
└── [6.0K] script.py
0 directories, 3 files