Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

GitLab public signup

By kannthu

Informative
Vidoc logoVidoc Module
#gitlab#misconfig
Description

GitLab public signup

What is the "GitLab public signup?"

The "GitLab public signup" module is designed to detect misconfigurations related to the public signup feature in GitLab. GitLab is a web-based DevOps lifecycle tool that provides a complete workflow to manage source code, collaborate on projects, and automate software development processes. This module focuses on identifying any misconfigurations in the public signup functionality of GitLab instances.

This module has an informative severity level, which means it provides valuable information but does not indicate a critical vulnerability or misconfiguration.

Impact

A misconfigured public signup feature in GitLab can have various impacts, including:

- Potential unauthorized access to the GitLab instance - Increase in the attack surface, making it easier for attackers to target the system - Possibility of unauthorized users registering and gaining access to sensitive information

How the module works?

The "GitLab public signup" module works by sending HTTP requests to the target GitLab instance and analyzing the responses based on specific matching conditions. It checks for the presence of certain HTML elements and verifies the response status code to determine if the public signup feature is misconfigured.

Here is an example of an HTTP request used by this module:

GET /users/sign_in

The module then applies the following matching conditions:

- Checks if the response contains the HTML element with the link to the registration page: <a data-qa-selector="register_link" href="/users/sign_up">Register now</a> - Verifies if the response contains the HTML element for the new user registration button: data-qa-selector="new_user_register_button" - Ensures that the response includes the expected URL for GitLab: https://about.gitlab.com - Confirms that the response status code is 200 (OK) - Checks if the response does not contain the HTML meta tag with the description of "GitLab.com"

If all the matching conditions are met, the module reports a potential misconfiguration in the public signup feature of the GitLab instance.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/users/sign_in
Matching conditions
word: <a data-qa-selector="register_link" href...and
word: https://about.gitlab.comand
status: 200and
NOT word: <meta content="GitLab.com" property="og:...
Passive global matcher
No matching conditions.
On match action
Report vulnerability