Merge Build Exploitation

Tools: ANY CI/CD Tool

EXAMPLE:

1) Fork target repository, mark the project as private, then fork project

2) Create a reverse shell payload on your machine, then host it on a python3 http.server

3) Setup Listener

4) Modify the Jenkinsfile (example) to fetch, then execute your reverse shell

5) Commit the changes

6) Create a merge request