Introduction
# Git-lfs Remote Code Execution (RCE) exploit CVE-2020-27955 (.bat / powershell version)
## Vulnerable: git, GitHub CLI (gh), GitHub Desktop, Visual Studio Code, SourceTree, SmartGit, GitKraken etc.
Discovered by **Dawid Golunski**
* https://legalhackers.com
* https://exploitbox.io
Tested on Windows on:
git, GitHub CLI (gh), GitHub Desktop, Visual Studio Code, SourceTree, SmartGit, GitKraken etc.
Basically, the whole Windows dev world ;)
Check out the full advisories for details and patch information:
* https://exploitbox.io/vuln/Git-Git-LFS-RCE-Exploit-CVE-2020-27955.html
* https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html
Video PoC:
* https://youtu.be/tlptOf9w274
There's also a Go version of this exploit:
* https://github.com/ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955-Go
```
.;lc'
.,cdkkOOOko;.
.,lxxkkkkOOOO000Ol'
.':oxxxxxkkkkOOOO0000KK0x:'
.;ldxxxxxxxxkxl,.'lk0000KKKXXXKd;.
':oxxxxxxxxxxo;. .:oOKKKXXXNNNNOl.
'';ldxxxxxdc,. ,oOXXXNNNXd;,.
.ddc;,,:c;. ,c: .cxxc:;:ox:
.dxxxxo, ., ,kMMM0:. ., .lxxxxx:
.dxxxxxc lW. oMMMMMMMK d0 .xxxxxx:
.dxxxxxc .0k.,KWMMMWNo :X: .xxxxxx:
.dxxxxxc .xN0xxxxxxxkXK, .xxxxxx:
.dxxxxxc lddOMMMMWd0MMMMKddd. .xxxxxx:
.dxxxxxc .cNMMMN.oMMMMx' .xxxxxx:
.dxxxxxc lKo;dNMN.oMM0;:Ok. 'xxxxxx:
.dxxxxxc ;Mc .lx.:o, Kl 'xxxxxx:
.dxxxxxdl;. ., .. .;cdxxxxxx:
.dxxxxxxxxxdc,. 'cdkkxxxxxxxx:
.':oxxxxxxxxxdl;. .;lxkkkkkxxxxdc,.
.;ldxxxxxxxxxdc, .cxkkkkkkkkkxd:.
.':oxxxxxxxxx.ckkkkkkkkxl,.
.,cdxxxxx.ckkkkkxc.
.':odx.ckxl,.
.,.'.
```
* https://exploitbox.io
* https://twitter.com/Exploit_Box
Stay tuned
File snapshot
```
[4.0K] /data/pocs/32fe005e779c26b102e80ae5a1880c3ebd19b48a
├── [  16] big-bug-lfs-file.dat
├── [1.8K] git.bat
├── [1.9K] README.md
└── [ 503] revsh_powersh.ps1

0 directories, 4 files
```