Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Potential remote code execution in PyPI - 581

Ryotak - Posted 4 Years Ago
  • PyPI is the package registry for Python's package manager pip. This is where most of the Python repos are stored. It should be noted that the source code for PyPI is open source on GitHub.
  • PyPI had a not-so-popular documentation feature, which was removed since it did not catch on. Because of the lack of popularity, a feature was made that removes documents. These documents are stored within S3, where each repo has its own bucket.
  • The code for deleting the documents used the S3 Python SDK to call list_objects_v2 with the prefix parameter. The prefix parameter will grab all buckets that start with some text. For example, examp will find examp, example and anything else that starts with the same prefix. This resulted in the ability to delete arbitrary documents. This was the first vulnerability found.
  • PyPI has a permission management feature for packages. In this feature, the project owner can grant or remove permissions. When removing a role, the role is never checked for ownership. As a result, any user could delete a role on another project by simply knowing the id of the role.
  • GitHub Actions allows workflows to run on different events in the repository. A security hole in the workflows of this open source repository would make it possible to edit the source code of the repo and compromise everything downstream.
  • The workflow combine-prs.yml collects pull requests that start with dependabot and merges them into a single pull request.
  • The workflow has no validation on the author of the PR! This could allow malicious users to inject unexpected code into the repo. On the downside, it would require a manual audit, but it is still something to consider.
  • In this feature, the authors found the usage of echo on a branch name. According to the docs, an expression inside ${{ }} is evaluated before the script is passed to bash. As a result, we have a classic command injection that allows escaping the context of echo to run other commands.
  • With command injection within the GitHub Actions workflow, we can assume the permissions of the process. Since the Action has write permission on the GitHub repo, we can use this to take control of the content of the repo. The final payload would be to create a branch with a name like dependabot;"cat TOKEN"#.
  • Overall, a series of interesting bugs! The RCE is particular to the extra interpreting done by GitHub Actions. It would be worth the time to check the Actions on other repos for similar vulnerabilities.
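
One way to run the check suggested in the last point, as an added example (not code from the original post or from PyPI): a small Python scanner that flags ${{ }} expressions built from pull-request-controlled values inside run: scripts, while leaving the same expression alone when it is passed through env:. The function name, the shortlist of untrusted contexts and the sample workflow are assumptions made for this illustration.

```python
import re

# Contexts a pull-request author can influence. Constructed shortlist, an
# assumption of this example and not exhaustive; extend it for your workflows.
UNTRUSTED = re.compile(
    r"github\.head_ref"
    r"|github\.event\.pull_request\.(?:title|body|head\.ref)"
    r"|github\.event\.(?:issue|comment)\.(?:title|body)"
)
EXPR = re.compile(r"\$\{\{(.*?)\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def find_injectable_runs(workflow_text):
    """Return (line_no, expression) for untrusted ${{ }} inside run: scripts."""
    findings, in_run, key_col = [], False, 0
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = RUN_KEY.match(line)
        indent = len(line) - len(line.lstrip())
        if m:  # start of a run: step, inline script or block scalar header
            in_run, key_col, script = True, len(m.group(1)), m.group(2)
        elif in_run and (not line.strip() or indent > key_col):
            script = line  # continuation line of the current script
        else:  # any other key ends the script, e.g. env:, where ${{ }} is data
            in_run = False
            continue
        for expr in EXPR.findall(script):
            if UNTRUSTED.search(expr):
                findings.append((no, expr.strip()))
    return findings

# Constructed workflow: one step pastes the branch name into the script text,
# the other hands it over as an environment variable and quotes it.
SAMPLE = """\
on: pull_request
jobs:
  combine:
    runs-on: ubuntu-latest
    steps:
      - name: unsafe
        run: |
          echo "Branch: ${{ github.head_ref }}"
      - name: safer
        env:
          BRANCH: ${{ github.head_ref }}
        run: echo "Branch: $BRANCH"
"""
if __name__ == "__main__":
    for no, expr in find_injectable_runs(SAMPLE):
        print(f"line {no}: untrusted expression in run script: {expr}")
```

The scanner is line-based and does not parse YAML, so treat a clean result as a first pass and still review workflows that build scripts from step outputs or other indirect values.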