Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-13115 PoC — libssh2 输入验证错误漏洞

Source
https://github.com/CSSProject/libssh2-Exploit
Associated Vulnerability
Title:libssh2 输入验证错误漏洞 (CVE-2019-13115)
Description:libssh2是一款实现SSH2协议的客户端C库,它能够执行远程命令、文件传输,同时为远程的程序提供安全的传输通道。 libssh2 1.9.0之前版本中的kex.c文件的ex_method_diffie_hellman_group_exchange_sha256_key_exchange存在输入验证错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
Description
Create an exploit to libssh2 vulnerabulity described in CVE-2019-13115
Readme
# libssh2-Exploit
Create an exploit to libssh2 vulnerabulity described in CVE-2019-13115

Goals
=====
1. Establish an openssh server. // Complete by Oct 20
2. Create a libssh2 cpp client and establish connectivity to server. // Complete by Oct 20
3. Modify the server to trigger a crash in client. // Complete by Oct 31
4. Modify the server to retrieve sensitive data from client. // Complete by Oct 31
5. Explore real world applications using libssh2 and see if our malicious server can be used to exloit those. // Complete by Oct 31
File Snapshot

 [4.0K]  /data/pocs/66dedb39facbabbdec2bec2ba42d1e64d3f3dec5
└── [ 535]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.