During recent security research, I came up with a fun “trick” that I later shared in a Capture the Flag challenge for the Hack.lu CTF and my Code Security Advent Calendar. I received good feedback and wanted to share the details with a broader audience. 

Let’s say that you discovered a code vulnerability that allows you to truncate arbitrary files. It sounds like a pretty weak exploitation primitive, but if you are dealing with an application that involves operations on a Git repository under your control, you’re in luck! 

Leave a Reply

Your email address will not be published. Required fields are marked *