joernchen

GitHub RCE by Environment variable injection Bug Bounty writeup

Disclaimer: I'll keep this really short but  I hope you'll get the key points.

GitHub blogged a while ago about some internal tool called gerve:
https://github.com/blog/530-how-we-made-github-fast

Upon git+sshing to github.com gerve basically looks up your permission
on the repo you want to interact with. Then it bounces you further in
another forced SSH session to the back end where the repo actually is.

morcefaster

Preface

Hello everyone. With Ceb drama getting so much traction, I decided to do what any rational person would do in this situation - download all public matches of all professional dota 2 players and then scan the all-chat for any racism or naughty naughty words, so the j͇͕͙ͣu͒͆s̼̠͍̖̮̳ͮ̃t̫̙̯͎ͬ̇̊̄iͨć̼͓ͬͨ͑ͣe͉̜̫̱̠̘̋̒ͅ can be upheld once and for all.

There are several nuances that stood in my way.

1. Many professionals' pubs are kept private.
2. Most of the trashtalk happens in ally chat, which isn't saved.
3. Some of the trashtalk happens over mic... which again, isn't saved.
4. Some of the trashtalk happens on smurf accounts, which I did not include here.

ClarkeRemy

mod doubly_linked_list 
{ 
  extern crate core;
  extern crate alloc;
  use 
  { core::
    { ptr
    , marker::PhantomData
    , option::Option::{self, *}
    , iter::{Iterator, IntoIterator, DoubleEndedIterator}