Back to directory

WRITEUP #6250

How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!

SSRFRCECRLF injectionInsecure deserialization

by@orange_8361(Orange Tsai)

Bounty

12,500

Program

GitHub

Published

Jul 28, 2017

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html

▸ RELATED WRITEUPS

Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Getting code execution on Veeam through CVE-2023-27532

RCEInsecure deserialization

Vulnerabilities in Homepage Dashboard

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

RCEConfusion attack

Built with ❤️ by Shubham Rawat