CodeQL query to detect RCE via ZipSlip – $5,500 bounty from GitHub Security Lab
Article about writing this query and more practical tips: https://members.bugbountyexplained.com/how-to-write-a-new-codeql-query-and-maximise-payout-rce-via-zipslip-query/
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw
This video is an explanation of a CodeQL query to detect RCE via ZipSlip for which GitHub Security Lab rewarded me $5,500.
Pull request with the change: http://github.com/github/codeql/pull/12208
HackerOne report: http://hackerone.com/reports/1914118
Get $100 in credits for Digital Ocean: https://bbre.dev/do
Timestamps:
00:00 Intro
00:42 Finding the bug
03:57 The sink
06:38 The source
07:57 The flow
10:43 The sanitizer
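The video walks through the query as source, sink, flow and sanitizer. As an added illustration of the bug class those pieces model (this is my own example, not the query, the video's code, or anything from the linked pull request, and the page does not say which language the query targets), the Python below extracts a constructed archive twice: once letting the entry name flow unchecked into the file write, once guarded by a canonical-path check of the kind a taint-tracking sanitizer would recognise. The entry names, directory layout and helper names are assumptions made for the demo.

```python
import io
import os
import tempfile
import zipfile


def build_archive() -> bytes:
    """Constructed sample archive: one benign entry and one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../../escaped.txt", "written outside the extraction directory")
    return buf.getvalue()


def is_within(dest: str, target: str) -> bool:
    """The sanitizer: canonicalise both paths and require target to sit under dest."""
    root = os.path.realpath(dest)
    path = os.path.realpath(target)
    return os.path.commonpath([root, path]) == root


def extract(archive: bytes, dest: str, sanitize: bool):
    """Extract every file entry of `archive` below `dest`.

    Source: entry.filename (attacker-controlled, read from the archive).
    Sink:   open(target, "wb"), where target is built from that name.
    With sanitize=False the name reaches the sink unchecked (ZipSlip);
    with sanitize=True, is_within() guards the flow and traversal entries are rejected.
    Returns (written_paths, rejected_entry_names).
    """
    written, rejected = [], []
    os.makedirs(dest, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for entry in zf.infolist():
            if entry.is_dir():
                continue
            target = os.path.join(dest, entry.filename)
            if sanitize and not is_within(dest, target):
                rejected.append(entry.filename)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(entry) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.realpath(target))
    return written, rejected


def run_demo() -> dict:
    """Run both variants in fresh temp trees and report where the traversal entry ended up."""
    results = {}
    for label, sanitize in (("unsafe", False), ("safe", True)):
        tmp = tempfile.mkdtemp()
        # dest is two levels deep so "../../escaped.txt" lands in tmp/a: outside dest,
        # but still inside the temporary tree, so the demo never touches real paths
        dest = os.path.join(tmp, "a", "b", "dest")
        written, rejected = extract(build_archive(), dest, sanitize)
        escaped = os.path.realpath(os.path.join(tmp, "a", "escaped.txt"))
        results[label] = {
            "escaped_file_exists": os.path.exists(escaped),
            "written_inside_dest": all(is_within(dest, p) for p in written),
            "rejected": rejected,
        }
    return results


if __name__ == "__main__":
    for label, info in run_demo().items():
        print(label, info)
```

The check canonicalises with `os.path.realpath` before comparing, so `..` segments and symlinked prefixes are resolved; a plain string-prefix test on the unnormalised path is the kind of incomplete guard that still leaves the flow reachable.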