New target, this time it’s a company that provides VoIP solutions. The target has some serious clients like government organizations, banks and telecom providers. The company asked for an external…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

An attacker managed to exploit a vulnerability in GitLab, taking over accounts of a company that provides VoIP solutions, including government organizations, banks, and telecom providers. The post describes the reconnaissance process, the GitLab enumeration, the specific vulnerability (CVE-2023-7028), and the exploitation process. The attacker harvested email addresses of the company's employees to carry out the account takeover. Once inside, they gained access to all company projects and extracted API keys and credentials.

Real World GitLab Account Take Over

Exploiting The Vulnerability — Account TakeOver