Back to directory

WRITEUP #1727

Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory

RCECI/CDOS command injection

by@KarimPwnz(Karim Rahal)

Program

GitHub

Published

Jan 5, 2023

Added to HackDex

Jan 29, 2024

Read Full Writeuphttps://karimrahal.com/2023/01/05/github-actions-leaking-secrets/

▸ RELATED WRITEUPS

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

SSD Advisory – SonicWall SMA100 Stored XSS To RCE

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

RCEArbitrary file write

Built with ❤️ by Shubham Rawat