✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on twitter: https://bbre.dev/tw
This video is about a vulnerability in GitLab that allowed reading arbitrary files from the server. The reporter, William Bowling, was awarded a $29,000 bug bounty.
🖥 Get $100 in credits for Digital Ocean: https://bbre.dev/do
Reporter’s Twitter: https://twitter.com/wcbowling
00:34 Importing GitLab groups
04:30 POC – reading arbitrary files on GitLab