This repository has been archived by the owner on Nov 29, 2023. It is now read-only.

add step by step heading to each exercise
robandpdx committed Oct 20, 2023
1 parent 8f7e8fe commit 1cc62be
Showing 4 changed files with 4 additions and 1 deletion.
1 change: 1 addition & 0 deletions exercises/exercise-1.md
Expand Up @@ -51,6 +51,7 @@ if [[ "" == $(wget github.com) && "octocat" =~ ^octocat ]]; then
```
This payload will cause the script to run `wget github.com` as it evaluates the if condition.

### Step by step
Let's see this in action by creating a new issue with this title and see what happens. Follow the steps below to exlpoit the script injection vulnerability in your repo:
1. Go to the Issues tab and click the green `New issue` button in the top right.
2. In the issue form type `" == $(wget github.com) && "octocat` in the title field.
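Review bot: The sentence directly under the new `### Step by step` heading still reads "Follow the steps below to exlpoit the script injection vulnerability in your repo"; since this commit touches that spot, correct "exlpoit" to "exploit" in the same change. The heading is also followed immediately by the paragraph with no blank line, so adding one would keep the Markdown consistent with the blank line left above the heading.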
2 changes: 1 addition & 1 deletion exercises/exercise-2.md
Expand Up @@ -15,7 +15,7 @@ const comment="octocat";console.log('Script injected!!!');//"
```
This payload closes the initial quote, then ends the command with a semicolon. This allows the following `console.log('Script injected!!!');` command to run as a separate command.

### Create an issue comment with the exploit payload
### Step by step
Let's see this in action by creating a new issue comment with this body and see what happens.
Follow the steps below to exlpoit the script injection vulnerability in your repo:
1. Go to the Issues tab and click one of the issue we had created previously.
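Review bot: Replacing `### Create an issue comment with the exploit payload` with `### Step by step` drops the only heading in this hunk that says what the steps do, and it changes the section anchor, so any link to the old heading will stop resolving. Consider keeping the descriptive part, for example `### Step by step: create an issue comment with the exploit payload`. The context lines under the heading also carry "exlpoit" and "one of the issue we had created previously"; both are worth fixing while this section is being edited.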
1 change: 1 addition & 0 deletions exercises/exercise-4.md
Expand Up @@ -3,6 +3,7 @@ The run command will create a script from its input and run that script. The run

The way to mitigate this vulnerability is to put the user input into an environment variable, which is not used to generate the script that the run command executes.

### Step by step
Let's edit the [Check issue title workflow](.github/workflows/check-issue-title.yml) to use an environment variable. Putting the user input into an environment variable, then using the environment variable in the script will mitigate the script injection vulnerability.

1. Open the file [.github/workflows/check-issue-title.yml](.github/workflows/check-issue-title.yml)
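Review bot: With the heading inserted here, the second sentence of the "Let's edit the Check issue title workflow" paragraph repeats the mitigation statement that sits just above the heading ("put the user input into an environment variable..."). Trim the repeat, and use the space to state that the script has to read the value as a shell variable rather than through a `${{ }}` expression, since the stated point is that the variable "is not used to generate the script". Separately, the commit message says "each exercise", but the four changed files are exercise-1, exercise-2, exercise-4 and exercise-5; if exercise-3.md has a walkthrough, it needs the same heading.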
1 change: 1 addition & 0 deletions exercises/exercise-5.md
Expand Up @@ -3,6 +3,7 @@ Similar to the run command, the github-script action will create a script from i

The way to mitigate this vulnerability is to put the user input into an environment variable, which is not used to generate the script that the github-script action executes.

### Step by step
1. Open the file [.github/workflows/check-issue-comment.yml](.github/workflows/check-issue-comment.yml)
2. Add an environment variable section to the `Check issue comment` step...
```
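Review bot: In this file the new `### Step by step` heading runs straight into the numbered list, while the headings added to exercises 1, 2 and 4 in this commit are each followed by a one-sentence lead-in ("Let's ..."). Add a matching lead-in that names the workflow being edited (check-issue-comment.yml and its `Check issue comment` step) so the exercises read the same way and the reader knows the goal before step 1.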