Edit GitHub repo wikis in pidgin repository - Security Bug
Manikandan Rajakumar
mani22test at gmail.com
Thu Jul 11 11:59:15 EDT 2019
*Issue:*
An attacker can edit GitHub's repo wikis in the pidgin repository.
*Description:*
Every organisation uses the GitHub wiki as a description for the repository
associated with it. pidgin uses repositories which allow an attacker to
edit Wiki pages for their own attacking benefit.
*Proof of concept:*
1. Go to the pidgin repository,
https://github.com/pidgin
2. Click Edit the Wiki / Create new page to create your malformed attack
injection.
*Solution:*
https://help.github.com/en/articles/changing-access-permissions-for-wikis
Looking for your reply.
Thanks,
Manikandan Rajakumar