Module: Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::Version

Included in:
Version
Defined in:
lib/msf/core/exploit/remote/http/gitlab/rest/v4/version.rb

Instance Method Summary collapse

Instance Method Details

#gitlab_version_restString?

Extracts the Gitlab version information from the authenticated rest endpoint

Returns:

  • (String, nil)

    Gitlab version if found, nil otherwise

Raises:



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# File 'lib/msf/core/exploit/remote/http/gitlab/rest/v4/version.rb', line 7

def gitlab_version_rest
  res = send_request_cgi({
    'method' => 'GET',
    'uri' => normalize_uri(target_uri.path, '/api/v4/version'),
    'keep_cookies' => true
  })
  raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res
  raise Msf::Exploit::Remote::HTTP::Gitlab::Error::VersionError unless res.code == 200

  body = JSON.parse(res.body)
  version = body['version'][Regexp.new(Msf::Exploit::Remote::HTTP::Gitlab::GITLAB_VERSION_PATTERN), 1]

  return version if version

  nil
end