If you develop applications on GitHub, you have probably seen pull requests from Dependabot. It automatically finds outdated or vulnerable dependencies and opens pull requests that bump them.
It is enabled by default and pushes commits to dependabot/* branches in a huge number of repositories on GitHub. So I thought: if I could take control of Dependabot, I could effectively steal write access to all of those repositories. That is why I started looking into Dependabot.
The core module of Dependabot is open source (https://github.com/dependabot/dependabot-core), so Dependabot can also be run outside of GitHub. To start the investigation, I set up a local Dependabot environment by following the official sample code.
My first idea was to trick Dependabot into sending its token to my server instead of to GitHub. This looked feasible because the URL validation had flaws.
One of the checks only tests whether the URL contains the substring github.com. Obviously, that check also accepts a URL such as github.com.mocos.kitchen, whose host is under a completely different domain.
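The following is an added example (written for this article, not code from dependabot-core) that puts the substring-style check described above next to a hardened version. It is a reconstruction of the weak pattern, not the project's actual validation; the function names, the `GITHUB_HOSTS` allow-list and the sample URLs are assumptions chosen for illustration.

```ruby
require "uri"

# Weak check: a substring test, as described in the text.
# (Illustrative reconstruction, not dependabot-core's own code.)
def github_url_weak?(url)
  url.include?("github.com")
end

# Hardened check: parse the URL, require https, reject userinfo tricks
# (https://github.com@evil.example/), and compare the host exactly against
# an allow-list. GITHUB_HOSTS is an assumed allow-list for this example.
GITHUB_HOSTS = %w[github.com api.github.com].freeze

def github_url_strict?(url)
  uri = URI.parse(url)
  return false unless uri.is_a?(URI::HTTPS)  # http:// would leak the token in clear
  return false if uri.userinfo               # "github.com@attacker" has host attacker
  GITHUB_HOSTS.include?(uri.host&.downcase)  # exact host match, case-insensitive
rescue URI::InvalidURIError
  false
end

# Constructed sample URLs: one legitimate, several that the substring check
# wrongly accepts, and one it wrongly rejects.
SAMPLE_URLS = [
  "https://github.com/dependabot/dependabot-core",
  "https://github.com.mocos.kitchen/repo",          # attacker's subdomain
  "https://mocos.kitchen/github.com/repo",          # substring in the path
  "https://github.com@mocos.kitchen/repo",          # substring as userinfo
  "http://github.com/dependabot/dependabot-core",   # right host, plaintext
  "https://GitHub.com/dependabot/dependabot-core",  # legitimate, mixed case
].freeze

# Returns { url => [weak_result, strict_result] } so the two checks can be compared.
def compare_checks(urls = SAMPLE_URLS)
  urls.to_h { |u| [u, [github_url_weak?(u), github_url_strict?(u)]] }
end

if __FILE__ == $PROGRAM_NAME
  compare_checks.each do |url, (weak, strict)|
    puts format("%-50s weak=%-5s strict=%s", url, weak, strict)
  end
end
```

The substring check is wrong in both directions: it accepts any URL in which the attacker can place the string github.com (subdomain, path, or userinfo), and it rejects a legitimate host written with different letter case. Parsing the URL and comparing the host exactly fixes both.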