Since it is really time-consuming to go through all opened PRs and issues and comments, we decided to automate parts of the manual efforts. Therefore, we employ GitHub Actions to automatically respond to issues via email. The repository that uses GitHub Action to automate common tasks is vulnerable to injection attacks.
This is almost identical to the #23 challenge, except this will involve third-party action that needs to be exploited to read the secrets
Solution
Users must perform command injection by creating a new issue, or other ways which will give the attacker ability to read the secret.
Bottleneck
Need to figure out a way how to make sure that the flag will not be seen by everyone except the attacker.
Story line
Since it is really time-consuming to go through all opened PRs and issues and comments, we decided to automate parts of the manual efforts. Therefore, we employ GitHub Actions to automatically respond to issues via email. The repository that uses GitHub Action to automate common tasks is vulnerable to injection attacks.
This is almost identical to the #23 challenge, except this will involve third-party action that needs to be exploited to read the secrets
Solution
Users must perform command injection by creating a new issue, or other ways which will give the attacker ability to read the secret.
Bottleneck
Need to figure out a way how to make sure that the flag will not be seen by everyone except the attacker.