Land #4969, GitLab module references

bug/bundler_fix
William Vu 2015-03-20 17:26:51 -05:00
commit 6f51946aa0
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
2 changed files with 17 additions and 9 deletions

View File

@ -15,10 +15,14 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'GitLab Login Utility',
'Description' => 'This module attempts to login to a GitLab instance using a specific user/pass.',
'Author' => [ 'Ben Campbell' ],
'License' => MSF_LICENSE
'Name' => 'GitLab Login Utility',
'Description' => 'This module attempts to login to a GitLab instance using a specific user/pass.',
'Author' => [ 'Ben Campbell' ],
'License' => MSF_LICENSE,
'References' =>
[
['URL', 'https://labs.mwrinfosecurity.com/blog/2015/03/20/gitlab-user-enumeration/']
]
)
register_options(

View File

@ -15,17 +15,21 @@ class Metasploit3 < Msf::Auxiliary
def initialize(info = {})
super(update_info(
info,
'Name' => 'GitLab User Enumeration',
'Description' => "
'Name' => 'GitLab User Enumeration',
'Description' => "
The GitLab 'internal' API is exposed unauthenticated on GitLab. This
allows the username for each SSH Key ID number to be retrieved. Users
who do not have an SSH Key cannot be enumerated in this fashion. LDAP
users, e.g. Active Directory users will also be returned. This issue
was fixed in GitLab v7.5.0 and is present from GitLab v5.0.0.
",
'Author' => 'Ben Campbell',
'License' => MSF_LICENSE,
'DisclosureDate' => 'Nov 21 2014'
'Author' => 'Ben Campbell',
'License' => MSF_LICENSE,
'DisclosureDate' => 'Nov 21 2014',
'References' =>
[
['URL', 'https://labs.mwrinfosecurity.com/blog/2015/03/20/gitlab-user-enumeration/']
]
))
register_options(