Gain write permission of repositories with a bug in GitHub Actions
Stealing arbitrary GitHub Actions secrets
Messing with GitHub's fork collaboration for fun and profit
Attack of the clones 2: Git CLI remote code execution strikes back
Github Organization Takeover By Claiming Owner Invitation
How images on Github will leak your private information
Attack of the clones: Git clients remote code execution
GitHub Pages - Multiple RCEs via insecure Kramdown configuration - $25,000 Bounty
GitHub Gist - Account takeover via open redirect - $10,000 Bounty
GitHub - RCE via git option injection (almost) - $20,000 Bounty
Update: Want to take over the Java ecosystem? All you need is a MITM!
Hacking GitHub with Unicode's dotless 'i'
How I accidentally took down GitHub Actions
Bypassing GitHub's OAuth flow
How to lock a GitHub user out of their repos (bug or feature?)
GitHub Desktop RCE (OSX)
Using a GitHub app to escalate to an organization owner for a $10,000 bounty
How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
Road to (unauthenticated) recovery: downloading GitHub SSO bypass codes
Atom.io Misconfiguration Allowed Code Execution on Untrusted Networks
Internet Explorer has a URL problem
GitHub RCE Writeup
How I hacked Github again.