An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Vuln Product: Gitlab CE/EE < 13.8.8 < 13.10.3 < 13.9.6
https://github.com/Al1ex/CVE-2021-22205
If you found a GitLab instance, try to login as root/admin with those credentials:
root : 5iveL!fe and admin : 5iveL!fe
You can find it with #shodan : org:"Target" http.title:"GitLab"
doc/set-up-gdk.md · c82f5c4ba003d395d5d59c925c8931a0b9491b20 · GitLab.org / GitLab Development Kit
httpx -l subs.txt -path /.git/config --status-code --silent
Gitlab 14.9
https://www.exploit-db.com/exploits/50888
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts.
Exploit: New Gitlab Accounts (created since the first affect version and if Gitlab is before the patched version) can be logged into with the following password:
123qweQWE!@#000000000
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
#GitLab v 15.3.1, 15.2.3, 15.1.5 for Community Edition (CE) and Enterprise Edition (EE)