HackTricks-wiki / hacktricks-cloud

584 stars 244 forks source link

GitHub Actions Cache Poisoning Details #46

Open AdnaneKhan opened 7 months ago

AdnaneKhan commented 7 months ago

The current GitHub Actions cache poisoning section (https://cloud.hacktricks.xyz/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-cache-poisoning) is a bit light on details.

I've done some research on this and written some PoC code that I'd like to add. A couple of key points:

POC Code to write to cache and steal cache tokens: https://github.com/AdnaneKhan/ActionsCacheBlasting

Feel free to add or I can create a PR (will end up re-writing most of the existing information), unfortunately the Scribe Security article was fairly light on how to actually poison caches. Fortunately, I like sharing knowledge to help people hack all the things :)

carlospolop commented 4 months ago

Hi @AdnaneKhan ! Sry, I don't read very frequently the issues. Would you mind sending a PR with these additions? I take a look to those much frequently