Stop the gaslighting and stop blocking me. This is not about a "local flag." This is a Global 0-Click RCE that triggers in GitHub Actions.
Look at this, @SamMorrowDrums:
The Reality: While you are merging PRs for "Session Hijacking" theory, I am already Root (uid=0) in a live environment. I have dumped Authorization tokens (ghs_) and Azure SSH keys (see Image 1).
The Stealth: Look at the logs . Your server says everything is fine while I am exfiltrating /etc/shadow in the background.
I told you about this 0-day a month ago. Instead of fixing it, you chose to block the researcher.
Stop the gaslighting and stop blocking me. This is not about a "local flag." This is a Global 0-Click RCE that triggers in GitHub Actions.
Look at this, @SamMorrowDrums:
The Reality: While you are merging PRs for "Session Hijacking" theory, I am already Root (uid=0) in a live environment. I have dumped Authorization tokens (ghs_) and Azure SSH keys (see Image 1).
The Stealth: Look at the logs . Your server says everything is fine while I am exfiltrating /etc/shadow in the background.
I told you about this 0-day a month ago. Instead of fixing it, you chose to block the researcher.