Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab CVE-2023-7028

Name: Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab CVE-2023-7028
Rating: 5 (232 reviews)

2024-01-26 | CVSS 10.0

## https://sploitus.com/exploit?id=36921E95-606E-58E5-B8E7-C01A959D7B3A
## CVE-2023-7028:

CVE-2023-7028 Exploitation Tool

## Description:

This Python script automates the exploitation of a hypothetical security vulnerability (CVE-2023-7028) on GitLab instances. It facilitates password reset attacks on specified target email addresses, demonstrating a potential security risk. The tool supports command-line options for GitLab URL, target email, and optional parameters, with enhancements for handling multiple URLs and emails from a file. Note: This script is intended for educational purposes only and should not be used for unauthorized or malicious activities.

## Features:

- Automated CVE-2023-7028 exploitation on GitLab
- Password reset attack with CSRF token retrieval

## Usage:

```bash
python script.py -u <GitLab URL> -t <Target email> [-e <Evil email>] [-p <Password>]
```

Contributions are welcome! Please follow the guidelines outlined in the CONTRIBUTING.md file.