Release v1.1.4

0xn3va released this 03 Jul 18:38
1fe06f1

Added

  • Argument injection 2234bc6
    • ssh
      • Command execution via authorized_keys and id_*.pub
  • Command injection 0b8edca
    • Using PERL5OPT environment variable to execute commands
    • Using PERL5DB environment variable to execute commands
    • Using PERLLIB and PERL5LIB environment variables to execute commands
    • Using PYTHONWARNINGS environment variable to execute commands
    • Using NODE_OPTIONS environment variable to execute commands
    • Using RUBYOPT environment variable to execute commands
  • HTML injection d930245
    • Using link to exfiltrate data via DNS
  • Content Security Policy fd417e5
    • Common misconfigurations
    • Using third-party frameworks to bypass CSP
    • Abusing CSP to exfiltrate data
    • Script gadgets
  • GitHub Action fbe8adc
    • Using GITHUB_TOKEN to trigger workflow_dispatch and repository_dispatch workflows in the post-exploitation stage

Updated

  • HTML injection d930245
    • Refactoring
  • GitHub Action fbe8adc
    • Refactoring of the "potential impact of a compromised runner workflow" section