HouqiyuA · April 25, 2025 09:51
diff --git a/gistfile1.txt b/gistfile1.txt
 import requests
 from urllib.parse import urljoin

 # 配置目标地址和请求头
 BASE_URL = "http://DEPLOYED_GITLAB_HOST"
 ENDPOINT = "/api/v4/user/keys"
 HEADERS = {
    "Accept": "application/json",
    "PRIVATE-TOKEN": "YOUR_TOKEN"
 }

 def print_request_response(req_headers, response):

    print("\n=== Request Headers ===")
    for k, v in req_headers.items():
        print(f"{k}: {v}")

    print("\n=== Response ===")
    print(f"Status Code: {response.status_code}")
    print("Response Headers:")
    for k, v in response.headers.items():
        print(f"{k}: {v}")
    print(f"\nResponse Body: {response.text}")

 def test_host_header_injection():

    print("\n=== [TEST] Host Header Injection ===")
    host_variations = [
        "evil.com",
        "localhost",
        "127.0.0.1",
        "gitlab.example.com",
        "192.168.126.129",
        ""
    ]

    for host in host_variations:
        print(f"\nTesting Host: {host if host else '(empty)'}")
        modified_headers = HEADERS.copy()
        if host:
            modified_headers["Host"] = host
        else:
            modified_headers.pop("Host", None)

        try:
            response = requests.get(urljoin(BASE_URL, ENDPOINT), headers=modified_headers)
            print(f"Status: {response.status_code}")
            if response.status_code != 401:  
                print("UNEXPECTED RESPONSE! Potential host header vulnerability")
                print_request_response(modified_headers, response)
        except requests.exceptions.RequestException as e:
            print(f"Request failed: {str(e)}")

 if __name__ == "__main__":
    test_host_header_injection()
	import requests
	from urllib.parse import urljoin

	# 配置目标地址和请求头
	BASE_URL = "http://DEPLOYED_GITLAB_HOST"
	ENDPOINT = "/api/v4/user/keys"
	HEADERS = {
	"Accept": "application/json",
	"PRIVATE-TOKEN": "YOUR_TOKEN"
	}

	def print_request_response(req_headers, response):

	print("\n=== Request Headers ===")
	for k, v in req_headers.items():
	print(f"{k}: {v}")

	print("\n=== Response ===")
	print(f"Status Code: {response.status_code}")
	print("Response Headers:")
	for k, v in response.headers.items():
	print(f"{k}: {v}")
	print(f"\nResponse Body: {response.text}")

	def test_host_header_injection():

	print("\n=== [TEST] Host Header Injection ===")
	host_variations = [
	"evil.com",
	"localhost",
	"127.0.0.1",
	"gitlab.example.com",
	"192.168.126.129",
	""
	]

	for host in host_variations:
	print(f"\nTesting Host: {host if host else '(empty)'}")
	modified_headers = HEADERS.copy()
	if host:
	modified_headers["Host"] = host
	else:
	modified_headers.pop("Host", None)

	try:
	response = requests.get(urljoin(BASE_URL, ENDPOINT), headers=modified_headers)
	print(f"Status: {response.status_code}")
	if response.status_code != 401:
	print("UNEXPECTED RESPONSE! Potential host header vulnerability")
	print_request_response(modified_headers, response)
	except requests.exceptions.RequestException as e:
	print(f"Request failed: {str(e)}")

	if __name__ == "__main__":
	test_host_header_injection()
No results found