hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #76 from github/pwntester-patch-1

Browse Source 
Update ArgumentInjectionCritical.md
This commit is contained in:
Alvaro Muñoz
2024-08-23 17:40:48 +02:00
committed by GitHub
parent 1ca985b415 293dd1a32b
commit 0cabcf8ec7
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ql/src/Security/CWE-088/ArgumentInjectionCritical.md
View File

@@ -31,7 +31,7 @@ jobs:
cat file.txt | sed "s/BODY_PLACEHOLDER/$BODY/g" > replaced.txt
```
An attacker may set the body of an Issue comment to `BAR|g;1e whoami;#` and the command `whoami` will get executed during the `sed` operation.
An attacker may set the body of an Issue comment to `BAR/g;1e whoami;#` and the command `whoami` will get executed during the `sed` operation.
## References