Land #4969, GitLab module references
commit
6f51946aa0
|
@ -15,10 +15,14 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def initialize
|
||||
super(
|
||||
'Name' => 'GitLab Login Utility',
|
||||
'Description' => 'This module attempts to login to a GitLab instance using a specific user/pass.',
|
||||
'Author' => [ 'Ben Campbell' ],
|
||||
'License' => MSF_LICENSE
|
||||
'Name' => 'GitLab Login Utility',
|
||||
'Description' => 'This module attempts to login to a GitLab instance using a specific user/pass.',
|
||||
'Author' => [ 'Ben Campbell' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'https://labs.mwrinfosecurity.com/blog/2015/03/20/gitlab-user-enumeration/']
|
||||
]
|
||||
)
|
||||
|
||||
register_options(
|
||||
|
|
|
@ -15,17 +15,21 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def initialize(info = {})
|
||||
super(update_info(
|
||||
info,
|
||||
'Name' => 'GitLab User Enumeration',
|
||||
'Description' => "
|
||||
'Name' => 'GitLab User Enumeration',
|
||||
'Description' => "
|
||||
The GitLab 'internal' API is exposed unauthenticated on GitLab. This
|
||||
allows the username for each SSH Key ID number to be retrieved. Users
|
||||
who do not have an SSH Key cannot be enumerated in this fashion. LDAP
|
||||
users, e.g. Active Directory users will also be returned. This issue
|
||||
was fixed in GitLab v7.5.0 and is present from GitLab v5.0.0.
|
||||
",
|
||||
'Author' => 'Ben Campbell',
|
||||
'License' => MSF_LICENSE,
|
||||
'DisclosureDate' => 'Nov 21 2014'
|
||||
'Author' => 'Ben Campbell',
|
||||
'License' => MSF_LICENSE,
|
||||
'DisclosureDate' => 'Nov 21 2014',
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'https://labs.mwrinfosecurity.com/blog/2015/03/20/gitlab-user-enumeration/']
|
||||
]
|
||||
))
|
||||
|
||||
register_options(
|
||||
|
|
Loading…
Reference in New Issue