IDOR: Get milestone names of any private projects of GitLab
By: @ashish_r_padelkar
Details:
Summary: Hello,
It is possible to get milestone names of all the GITLAB private projects.
Description: When you create any issue for milestones, the following url is used
As you can see, there is a parameter issue%5Bmilestone_id%5D in the request, which is the milestone ID. If you replace this ID with any sequential ID, you should see milestones which may belong to private projects or groups!
Just visit the url <userName>/<Project>/issues/new?issue%5Bmilestone_id%5D=<ProjectID>
You should see the name of the milestone populated in the dropdown.
This way you can enumerate all the milestones of GITLAB companies!!
Regards, Ashish
Get milestone names of all the users from GITLAB
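
The authorization gap described in the report, shown beside a scoped lookup, as an added example that is not part of the original report and is not GitLab's code. The in-memory model, the names `prefill_milestone_unscoped` and `prefill_milestone_scoped`, and the simplification that "can read the project" means "is in its member list" are assumptions made for illustration.

```ruby
# Constructed in-memory model; all names are hypothetical, not GitLab's code.
Milestone = Struct.new(:id, :title, :project_id, :group_id)
Project   = Struct.new(:id, :group_id, :member_ids)

MILESTONES = [
  Milestone.new(1, "public-roadmap", 10, nil),
  Milestone.new(2, "secret-launch", 20, nil), # belongs to another, private project
  Milestone.new(3, "group-q3", nil, 5)        # group-level milestone
].freeze

PROJECTS = {
  10 => Project.new(10, 5, [100]),
  20 => Project.new(20, 7, [200])
}.freeze

# Pattern described in the report: the id from the query string is looked up
# globally, so any sequential id resolves regardless of the project in the URL.
def prefill_milestone_unscoped(params)
  MILESTONES.find { |m| m.id == params[:milestone_id].to_i }
end

# Scoped pattern: the caller must be able to read the project, and the milestone
# must belong to that project or to its group. Every other case returns nil, so
# the form looks the same for "does not exist" and "exists but is not yours".
def prefill_milestone_scoped(user_id, project_id, params)
  project = PROJECTS[project_id]
  return nil unless project && project.member_ids.include?(user_id)

  # Strict integer parsing: non-numeric input is rejected instead of becoming 0.
  id = Integer(params[:milestone_id].to_s, 10, exception: false)
  return nil unless id

  MILESTONES.find do |m|
    m.id == id &&
      (m.project_id == project.id ||
       (!m.group_id.nil? && m.group_id == project.group_id))
  end
end
```

Returning the same empty result for a missing milestone and a forbidden one matters here because the report's enumeration relies on the dropdown behaving differently when the ID exists.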