GitHub Invitation
-
[Bugbounty Study] #GitHub _ Account TakeoverStudy/Bugbounty Study 2021. 1. 20. 04:50
# GitHub Account Takeover _ \$5,000 abss.me/posts/github-org-takeover/ Github Organization Takeover By Claiming Owner Invitation TL;DR courtesy - https://bounty.github.com/researchers/Abss0x7tbh.html A malicious user could leverage 3 things to takeover a Github Organization : An invitation to owner from the organization. abss.me 해당 취약점은 2017. 11. 17에 제보한 것이다. [TL;DR] 요약하자면, GitHub에서 그룹의 팀원을 이메일로..