github actions vulnerability or "why bug bounties are a scam" (intermediate) anthony explains

  • Published: 11 Sep 2024
  • today I talk about a vulnerability I found in github actions involving the `pull_request_target` feature and how it escalates to credential access / full repository access. I found over ~350 vulnerable repositories including ones owned by google, amazon, microsoft, alibaba, psf and more and document my experience (or lack thereof) with bug bounty programs.
    more information on this vulnerability:
    - github's blog post about it: securitylab.gi...
    - proof of concept repository: github.com/thr... (archived because otherwise you can exploit it!)
    - previous `set-env` / `add-path` vulnerability information: bugs.chromium....
    - sponsor me on github: github.com/spo...
    playlist: • anthony explains
    ==========
    twitch: / anthonywritescode
    discord: / discord
    twitter: / codewithanthony
    github: github.com/aso...
    stream github: github.com/ant...
    I won't ask for subscriptions / likes / comments in videos but it really helps the channel. If you have any suggestions or things you'd like to see please comment below!
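As an added illustration (not code from the video, its proof-of-concept repository, or GitHub): two constructed workflow files showing the shape of the problem described above, and a small line-based audit of the kind a maintainer can run over `.github/workflows/`. It relies on GitHub's documented behaviour that `pull_request_target` runs with the base repository's secrets and a write token even for fork PRs, whereas plain `pull_request` (as the comments below note) gives fork PRs no secrets; the regexes are a heuristic, not a YAML parser.

```python
import re

# Constructed sample of the risky shape: pull_request_target runs in the base
# repository's context (secrets and a write token available), yet this workflow
# checks out the fork's head commit and then executes code from it.
RISKY_WORKFLOW = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: pip install -e . && pytest
"""

# Constructed sample of the safe shape: plain pull_request runs fork PRs with no
# secrets and a read-only token, so running the PR's own code is fine here.
SAFE_WORKFLOW = """\
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install -e . && pytest
"""

TRIGGER_RE = re.compile(r"\bpull_request_target\b")
HEAD_REF_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
RUN_RE = re.compile(r"^\s*-?\s*run\s*:")


def audit_workflow(text: str) -> list[tuple[int, str]]:
    """Line-based heuristic: flag pull_request_target workflows that check out
    the PR head and then run steps. Returns (line number, finding) pairs."""
    lines = text.splitlines()
    if not any(TRIGGER_RE.search(line) for line in lines):
        return []  # not privileged on fork PRs, so nothing to escalate
    findings = []
    for n, line in enumerate(lines, 1):
        if HEAD_REF_RE.search(line):
            findings.append((n, "privileged workflow checks out untrusted PR head"))
        elif findings and RUN_RE.match(line):
            findings.append((n, "step runs after untrusted checkout, secrets exposed"))
    return findings
```

Running `audit_workflow` over the two samples flags lines 9 and 10 of the risky file and nothing in the safe one.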

Comments • 9

  • @nexovec
    @nexovec 3 years ago +7

    When "how to hack google" tutorial has 8 likes

  •  3 years ago +2

    IMHO secrets should be only injected on commits part of the host repository, so should be set to empty on forks and prs, or so I'd expect 🥺

    • @anthonywritescode
      @anthonywritescode 3 years ago +2

      yeahhhhh fortunately for `on: pull_request` this is the case -- but pull_request_target is pretty yikes

  • @DevOpsJourney
    @DevOpsJourney 3 years ago +2

    Damn.. should have got that bug bounty $$$

  • @theeFaris
    @theeFaris 1 year ago +1

    Man you deserve more attention, anyway we appreciate your content so, maybe quantity over quality? 🤷

    • @anthonywritescode
      @anthonywritescode 1 year ago

      heh I mean you're commenting on video 210 of an almost 500-long playlist that gets 3 videos a week -- already doing the quantity part and I try and make the content as quality as possible :)

    • @theeFaris
      @theeFaris 1 year ago

      @@anthonywritescode I mean in terms of viewers, not videos