Cookie Consent by Free Privacy Policy Generator GitLab: Remote Command Execution via Github import
Paypal Spenden für Projekt | Google Playstore Download Button für Team IT Security

Theme Auswahl

➠ GitLab: Remote Command Execution via Github import

Summary This is very similar to and allows arbitrary redis commands to be injected when imported a GitHub repository. When importing a GitHub repo the api client uses Sawyer for handling the responses. This takes a json hash and converts it into a ruby class that has methods matching all of the keys: ```ruby def self.attr_accessor(*attrs) attrs.each do |attribute| class_eval do define_method attribute do @attrs[attribute.to_sym] end define_method "#{attribute}=" do |value| @attrs[attribute.to_sym] = value end define_method "#{attribute}?" do !!@attrs[attribute.to_sym] end end end end ``` This happens recursively, and allows for any method to be overridden including built-in methods such as to_s. The redis gem uses to_s and bytesize to generate the RESP command, so if a Sawyer::Resource is ever passed in that has a controllable hash it can allow arbitrary redis commands to be injected into the stream as the string will be shorter than the $ size provided (see ruby i = i.to_s command <<......

➦ Sicherheitslücken / Exploits ☆

➠ Komplette Nachricht lesen

Zur Startseite

➤ Ähnliche Beiträge für 'GitLab: Remote Command Execution via Github import'

SCMKit - Source Code Management Attack Toolkit

vom 1609.77 Punkte
Source Code Management Attack Toolkit - SCMKit is a toolkit that can be used to attack SCM systems. SCMKit allows the user to specify the SCM system and attack module to use, along with specifying valid credentials (username/password or API key) to the respective SCM system. Currently, the

CI Pipelines for dockerized PHP Apps with Github & Gitlab [Tutorial Part 7]

vom 1531.12 Punkte
How to setup CI (Continuous Integration) pipelines for dockerized PHP applications with Github Actions and Gitlab Pipelines This article appeared first on at CI Pipelines for dockerized PHP Apps with Github & Gitlab [Tutorial Part 7] In the seventh part of this tutorial series on develop

Virtual Coffee Hacktoberfest 2023 Roundup

vom 1342.14 Punkte
Another Hacktoberfest has come and gone! This was Virtual Coffee's fourth (fourth!!) Hacktoberfest (🤯🤯🤯) and it was another great one! Our members knocked it out of the park as usual, and we wanted to take a moment to celebrate! Our Virtual Coffee H

CLI tools you won't be able to live without 🔧

vom 1275.48 Punkte
As developers, we spend a lot of our time in the terminal. There's a lot of helpful CLI tools, which can make your life in the command line easier, faster and generally more fun. This post outlines my top 50 must-have CLI tools, which I've come to r

NestJS Authentication with OAuth2.0: Configuration and Operations

vom 1047.24 Punkte
Series Intro This series will cover the full implementation of OAuth2.0 Authentication in NestJS for the following types of APIs: Express REST API; Fastify REST API; Apollo GraphQL API. And it is divided in 5 parts: Configuration and

OffensivePipeline - Allows You To Download And Build C# Tools, Applying Certain Modifications In Order To Improve Their Evasion For Red Team Exercises

vom 999.27 Punkte
OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises. A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it,

⚡ Complete Tutorial: React Admin Panel with refine and daisyUI

vom 994.61 Punkte
Author: Abdullah Numan Introduction In this post, we go through the process of developing a React admin panel using refine and daisyUI. refineis a React-based framework that helps quickly build data-heavy applications like dashboards, admin panels and sto

Anything C can do Rust can do Better

vom 873.73 Punkte
C++ and Rust are both system programming languages that can be used to produce software and software platforms. They are both capable of interacting with low-level components such as operating systems or firmware on a microcontroller, or at a high l

Thank you, Visual Studio docs contributors (March 2020)

vom 799.69 Punkte
We want to say a big thank you to everyone who contributed to the docs in March of 2020! You are helping make the Visual Studio docs clearer, more complete, and more understandable for everyone. We love that our community takes the time to get involve

FERNtastic Web Development: A Starter's Walkthrough of the FERN Stack

vom 779.45 Punkte
Today I’m going to walk you through my set up getting started with the FERN stack - that stands for Firebase, Express, React, Node.js. It’s a variant on the incredibly popular MERN stack. But you’ll see that by swapping out MongoDB for Firebase RT

2023's Top Development Projects for Programmers: A Complete List of Tutorials and Tools for Mastering the Latest Technologies

vom 756.28 Punkte
Welcome to our blog post on "2023's Top Development Projects for Programmers"! As a developer, staying up to date on the latest technologies and tools is crucial for staying competitive in the job market. In this post, we've compiled a comprehensive li

Security updates for Monday

vom 746.41 Punkte
Security updates have been issued by Debian (booth, libpgjava, and thunderbird), Fedora (3mux, act, age, antlr4-project, apache-cloudstack-cloudmonkey, apptainer, aquatone, aron, asnip, assetfinder, astral, bettercap, buildah, butane, caddy, cadvisor, che

Team Security Diskussion über GitLab: Remote Command Execution via Github import