Uninitialized GitLab instances

By kannthu

High
Vidoc Module
#gitlab #misconfig #unauth
Description
Author: GitLab Red Team

Prior to version 14, GitLab installations required a root password to be set via the web UI. If the administrator skipped this step, any visitor could set a password and control the instance.

Reference
- https://gitlab.com/gitlab-org/gitlab/-/issues/211328
- https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/5331
- https://docs.gitlab.com/omnibus/installation/#set-up-the-initial-password

Metadata
shodan-query: http.title:"GitLab"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /users/sign_in
Matching conditions
word: Change your password, New password, Conf...
and
word: gitlab_session
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability