CVE-2023-7028 PoC — Weak Password Recovery Mechanism for Forgotten Password in GitLab

Source

https://github.com/mochammadrafi/CVE-2023-7028

Associated Vulnerability

Title:Weak Password Recovery Mechanism for Forgotten Password in GitLab (CVE-2023-7028)
Description:An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

Description

Python Code for Exploit Automation CVE-2023-7028

Readme

## CVE-2023-7028:

CVE-2023-7028 Exploitation Tool

## Description:

This Python script automates the exploitation of a hypothetical security vulnerability (CVE-2023-7028) on GitLab instances. It facilitates password reset attacks on specified target email addresses, demonstrating a potential security risk. The tool supports command-line options for GitLab URL, target email, and optional parameters, with enhancements for handling multiple URLs and emails from a file. Note: This script is intended for educational purposes only and should not be used for unauthorized or malicious activities.

## Features:

- Automated CVE-2023-7028 exploitation on GitLab
- Password reset attack with CSRF token retrieval

## Usage:

```bash
python script.py -u <GitLab URL> -t <Target email> [-e <Evil email>] [-p <Password>]
```

Contributions are welcome! Please follow the guidelines outlined in the CONTRIBUTING.md file.

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!