hackpack-ncsu / CTF-2022

0 stars 0 forks source link

Geet Into ReAction #24

Open igibek opened 2 years ago

igibek commented 2 years ago

Story line

Since it is really time-consuming to go through all opened PRs and issues and comments, we decided to automate parts of the manual efforts. Therefore, we employ GitHub Actions to automatically respond to issues via email. The repository that uses GitHub Action to automate common tasks is vulnerable to injection attacks.

This is almost identical to the #23 challenge, except this will involve third-party action that needs to be exploited to read the secrets

Solution

Users must perform command injection by creating a new issue, or other ways which will give the attacker ability to read the secret.

Bottleneck

Need to figure out a way how to make sure that the flag will not be seen by everyone except the attacker.