GitLab Password Reset Account Takeover
Title source: metasploit
Exploitation Summary
CVE-2023-7028 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 1, 2024.
EIP tracks 19 public exploits from researchers including 0xB455, Vozec, and RandomRobbieBF, as well as a Metasploit module, auxiliary/admin/http/gitlab_password_reset_account_takeover.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This exploit demonstrates an authentication bypass vulnerability in GitLab CE/EE by manipulating the password reset functionality through a parameter pollution attack. The PoC shows how an attacker can associate their email with a valid user's account to potentially reset the password.
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Exploits (19)
This exploit demonstrates an authentication bypass vulnerability in GitLab CE/EE by manipulating the password reset functionality through a parameter pollution attack. The PoC shows how an attacker can associate their email with a valid user's account to potentially reset the password.
This repository contains a functional exploit for CVE-2023-7028, which targets GitLab's password reset functionality. The exploit automates the process of sending a password reset request to both the target and an attacker-controlled email, then intercepts the reset token to change the target's password.
The repository contains a functional Python script that exploits CVE-2023-7028, a vulnerability in GitLab allowing account takeover via password reset without user interaction. The script automates the process of grabbing a CSRF token and sending a crafted password reset request to change the victim's email to the attacker's email.
The repository contains a functional exploit for CVE-2023-7028, which abuses GitLab's password reset functionality to send reset emails to both a target and an attacker-controlled email. The exploit automates CSRF token retrieval and crafted request submission to trigger the vulnerability.
The repository contains a functional exploit PoC for CVE-2023-7028, which allows password reset emails to be sent to unverified email addresses in GitLab. The script automates the exploitation process by sending a crafted request to the password reset endpoint.
This repository contains a functional Python exploit for CVE-2023-7028, a GitLab password reset poisoning vulnerability. The exploit abuses the `/users/password` endpoint to send password reset emails to both the victim and attacker-controlled email addresses, enabling account takeover.
The repository contains a functional exploit for CVE-2023-7028, an account takeover vulnerability in GitLab. The exploit leverages a flaw in the password reset form to send reset tokens to both the victim's and attacker's email addresses, allowing the attacker to hijack the account.
This repository contains a functional exploit for CVE-2023-7028, which targets GitLab's password reset functionality. The exploit automates the process of sending a password reset request to both the target and an attacker-controlled email, then intercepts the reset token to change the target's password.
This repository contains a functional exploit for CVE-2023-7028, which targets GitLab's password reset functionality. The exploit automates the process of sending a password reset request to both the target and an attacker-controlled email, then intercepts the reset token to change the target's password.
The repository contains a functional exploit for CVE-2023-7028, which leverages a bug in GitLab's password reset email verification to send reset codes to both the target and attacker-controlled email addresses. The exploit automates the process of triggering the vulnerability by crafting a malicious password reset request.
The repository provides a Docker setup for GitLab 16.1.4 but lacks actual exploit code, instead redirecting users to external resources (blog, other GitHub repos) for the PoC. The README is vague and does not include technical details about the vulnerability.
This repository contains a functional exploit for CVE-2023-7028, which leverages an email injection vulnerability in GitLab's password reset functionality. The exploit sends a crafted password reset request to both the victim's and attacker's email addresses, allowing the attacker to intercept the reset link.
This repository contains a functional exploit for CVE-2023-7028, which abuses GitLab's password reset functionality to send reset emails to both the victim and attacker. The exploit leverages a parameter pollution vulnerability to manipulate email delivery.
The repository contains a functional exploit for CVE-2023-7028, which allows an attacker to take over a GitLab account via password reset without user interaction. The exploit sends a crafted POST request with manipulated email parameters to trigger the vulnerability.
This repository contains a functional exploit for CVE-2023-7028, an account takeover vulnerability in GitLab. The exploit automates the process of resetting a target user's password by leveraging a flaw in the password reset mechanism, using either a temporary email service or a user-provided email.
This repository contains a functional Python script that automates the exploitation of CVE-2023-7028, a vulnerability in GitLab allowing password reset attacks via CSRF token manipulation. The script sends crafted requests to trigger password reset emails to both target and attacker-controlled addresses.
This PoC exploits CVE-2023-7028, an account takeover vulnerability in GitLab, by abusing the password reset functionality to send a reset link to an attacker-controlled email. It automates the process of requesting a password reset, intercepting the reset token via a temporary email service, and changing the victim's password.
The repository contains a functional proof-of-concept for CVE-2023-7028, demonstrating an email parameter manipulation vulnerability in GitLab. The exploit leverages array-based parameter injection to bypass validation, allowing an attacker to inject malicious email addresses.
This Metasploit module exploits CVE-2023-7028, a GitLab account takeover vulnerability via password reset functionality. It sends a password reset request with two email addresses (target and attacker-controlled) to bypass authentication.
Nuclei Templates (1)
title:"Gitlab" || cpe:"cpe:2.3:a:gitlab:gitlab" || http.title:"gitlab"
title="gitlab"
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N