CVE-2023-7028 PoC — GitLab Security Vulnerability

Associated Vulnerability
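Title: GitLab Security Vulnerability (CVE-2023-7028)
Description: GitLab is an open-source, end-to-end software development platform from the US company GitLab, with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. GitLab contains a security vulnerability that stems from the fact that user account password reset emails could be sent to an unverified email address.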
Description
Python Code for Exploit Automation CVE-2023-7028
Readme
## CVE-2023-7028:

CVE-2023-7028 Exploitation Tool

## Description:

This Python script automates the exploitation of a hypothetical security vulnerability (CVE-2023-7028) on GitLab instances. It facilitates password reset attacks on specified target email addresses, demonstrating a potential security risk. The tool supports command-line options for GitLab URL, target email, and optional parameters, with enhancements for handling multiple URLs and emails from a file. Note: This script is intended for educational purposes only and should not be used for unauthorized or malicious activities.

## Features:

- Automated CVE-2023-7028 exploitation on GitLab
- Password reset attack with CSRF token retrieval

## Usage:

```bash
python script.py -u <GitLab URL> -t <Target email> [-e <Evil email>] [-p <Password>]
```

Contributions are welcome! Please follow the guidelines outlined in the CONTRIBUTING.md file.
File Snapshot

```
[4.0K]  /data/pocs/a28f358401f06963a94bdb295b5717e2042d4ca4
├── [1.0K]  LICENSE
├── [ 915]  README.md
└── [6.0K]  script.py

0 directories, 3 files
```