CVE-2023-2825

This repository contains a functional Python exploit for CVE-2023-2825, demonstrating an unauthenticated arbitrary file read vulnerability in GitLab CE/EE 16.0.0 via path traversal. The PoC automates the creation of nested groups, uploads a file, and exploits the vulnerability to read /etc/passwd.

This repository documents a mentorship project where the author exploited CVE-2023-2825, a path traversal vulnerability in GitLab 16.0.0, to read arbitrary files. The writeup includes technical details about the exploit, mitigation steps, and system administration practices.

This repository contains a functional Python exploit for CVE-2023-2825, targeting GitLab's path traversal vulnerability. The script automates the creation of nested groups to traverse directories and read arbitrary files, with support for authentication and proxy usage.

This repository contains a functional exploit PoC for CVE-2023-2825, a path traversal vulnerability in GitLab. The script sends a crafted HTTP request to read arbitrary files (e.g., /etc/passwd) by exploiting improper path sanitization in nested group projects.

This repository contains a functional exploit for CVE-2023-2825, a path traversal vulnerability in GitLab CE/EE 16.0.0. The PoC automates the exploitation process by creating nested groups, a project, uploading a file, and then leveraging a path traversal to read arbitrary files (e.g., /etc/passwd).

This repository contains a functional Python exploit for CVE-2023-2825, a path traversal vulnerability in GitLab 16.0.0. The PoC automates the creation of nested groups, a public repository, and file upload to exploit the vulnerability and read arbitrary files (e.g., /etc/passwd).

This Metasploit module exploits a directory traversal vulnerability in GitLab 16.0.0, allowing authenticated users to read arbitrary files by creating nested groups and a project to facilitate path traversal.