It might seem odd to split this into two stages when it could be done from a single page. But the separation is deliberate. The lure page exists mainly to avoid initial detection from email filters, Safe Browsing, and other front-line tools. Hosting it on reputable infrastructure helps it look routine, and it's cheap to replace when it eventually gets flagged. The second stage is where the actual phishing kit lives: the branding, the tracking, the bot detection, and the endpoint that collects the credentials. It's easier to operate and rotate on infrastructure the attacker controls. The lure is disposable and lightweight. The real work happens behind it.
建议:反向代理层面配置 OAuth/BasicAuth/IP 白名单,不要直接将原生的 WS 端口裸露出去 (18789 端口)
。关于这个话题,PDF资料提供了深入分析
Step 1: Prompt injection via issue title. Cline had deployed an AI-powered issue triage workflow using Anthropic's claude-code-action. The workflow was configured with allowed_non_write_users: "*", meaning any GitHub user could trigger it by opening an issue. The issue title was interpolated directly into Claude's prompt via ${{ github.event.issue.title }} without sanitisation.
Click on the SingleFile button in the extension toolbar to save the page.
"firstStartTime": "",