

4 months ago

Here are the steps:
- The attacker creates a standard Git repository.
- They commit a single symbolic link pointing to a sensitive target.
- Using the PutContents API, they write data to the symlink. The system follows the link and overwrites the target file outside the repository.
- By overwriting .git/config (specifically the sshCommand), the attacker can force the system to execute arbitrary commands–
amazing.
Gemini seems pretty sure the image is AI-generated.
I think Gemini is wrong on all points, and this is actually from an anime, even though I am not sure which.
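
The overwrite in the steps above depends on a file write that follows a committed symlink out of the repository. As an added example that is not part of the thread and not the affected project's code (the helper name `safe_put_contents` and the paths in `demo` are assumptions constructed for illustration), a Python write routine that refuses such paths:

```python
import os
import tempfile

class UnsafePath(Exception):
    """Write would leave the repository working tree."""

def safe_put_contents(repo_root, rel_path, data):
    """Hypothetical helper: write data under repo_root, never through a symlink."""
    parts = [p for p in rel_path.replace("\\", "/").split("/") if p]
    if not parts or any(p in (".", "..") for p in parts):
        raise UnsafePath("empty path or dot segment")
    if parts[0].lower() == ".git":
        raise UnsafePath("repository metadata is not writable through this API")
    current = os.path.realpath(repo_root)
    for part in parts[:-1]:
        current = os.path.join(current, part)
        if os.path.islink(current):  # a committed link used as a directory
            raise UnsafePath("symlinked directory: " + part)
        if not os.path.isdir(current):
            os.mkdir(current)
    target = os.path.join(current, parts[-1])
    if os.path.islink(target):  # the committed link from the steps above
        raise UnsafePath("target is a symlink: " + rel_path)
    # O_NOFOLLOW (POSIX) makes open() itself fail with OSError if a link is
    # swapped in between the check above and the open.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target

def demo():
    """Constructed scenario: repo holding one symlink to a file outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = os.path.join(tmp, "repo")
        os.mkdir(repo)
        outside = os.path.join(tmp, "outside.conf")
        with open(outside, "w") as fh:
            fh.write("original")
        os.symlink(outside, os.path.join(repo, "link"))
        try:
            safe_put_contents(repo, "link", b"overwritten")
            blocked = False
        except UnsafePath:
            blocked = True
        safe_put_contents(repo, "docs/readme.txt", b"ok")
        with open(outside) as fh:
            return blocked, fh.read()
```

The per-directory `islink` checks are not race-free on their own; a hardened service would open each component relative to a directory file descriptor instead.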