*.githubapp.com

Synopsis

Subdomains under *.githubapp.com provide a number of internal services to GitHub employees. These include our internal blog, helpdesk and bastion access to our internal network.

Focus areas

  • Authentication bypasses allowing access to *.githubapp.com services.
  • Subdomain takeovers under *.githubapp.com.
  • Server Side Request Forgery vulnerabilities allowing access to our internal network. You may use ssrf-target.iad.github.net to test out SSRF attacks.

Ineligible submissions

Vulnerabilities in out-of-scope subdomains

Not all subdomains are in scope at this time; vulnerabilities in out-of-scope subdomains are therefore ineligible for rewards. A list of out-of-scope subdomains is available in our scope section.