$25,000 GitHub Pages RCE via YAML file – Bug Bounty Reports Explained
Report/blogpost:
https://devcraft.io/2020/10/20/github-pages-multiple-rces-via-kramdown-config.html
Reporter’s Twitter:
https://twitter.com/wcbowling
His blog:
https://devcraft.io/
Follow me on Twitter:
https://twitter.com/gregxsunday
Opensnoop tool:
https://github.com/brendangregg/perf-tools/blob/master/opensnoop
Timestamps:
00:00 Intro
00:28 What is GitHub Pages?
00:56 What is Jekyll?
01:46 What is Kramdown?
02:17 The root cause of the vulnerability
03:34 Uploading our .rb file on the server
04:25 Winning the race condition
05:23 The fix, reward and outro
#rce