? Subscribe to BBRE Premium: https://bbre.dev/premium
? Article about writing this query and more practical tips: https://members.bugbountyexplained.com/how-to-write-a-new-codeql-query-and-maximise-payout-rce-via-zipslip-query/
✉️ Sign up for the mailing list: https://bbre.dev/nl
? Follow me on twitter: https://bbre.dev/tw

This video is an explanation of a CodeQL query to detect RCE via ZipSlip for which GitHub Security Lab rewarded me $5,500.

Pull request with a change: http://github.com/github/codeql/pull/12208
Hackerone report: http://hackerone.com/reports/1914118

? Get $100 in credits for Digital Ocean: https://bbre.dev/do


Timestamps:
00:00 Intro
00:42 Finding the bug
03:57 The sink
06:38 The source
07:57 The flow
10:43 The sanitizer

Add comment

Your email address will not be published. Required fields are marked *