CVE-2019-12735 PoC — Vim 操作系统命令注入漏洞

Source

https://github.com/pcy190/ace-vim-neovim

Associated Vulnerability

Title:Vim 操作系统命令注入漏洞 (CVE-2019-12735)
Description:Vim是一款基于UNIX平台的编辑器。Neovim是Vim的重构版。 Vim 8.1.1365之前版本和Neovim 0.3.6之前版本中的getchar.c文件存在操作系统命令注入漏洞。该漏洞源于外部输入数据构造操作系统可执行命令过程中，网络系统或产品未正确过滤其中的特殊字符、命令等。攻击者可利用该漏洞执行非法操作系统命令。

Description

Vim/Neovim Arbitrary Code Execution via Modelines (CVE-2019-12735)

Readme

# ace-vim-neovim
Vim/Neovim Arbitrary Code Execution via Modelines (CVE-2019-12735)

# Usage
1. listen
```
nc -vlp 9999
```
2. ace 
```
vim poc_shell.txt
```
And then, your localhost will get shell.

File Snapshot


 [4.0K]  /data/pocs/75ceefa9a0e5896cad19cfef6d073a67770c5782
├── [ 144]  poc_shell.txt
├── [  75]  poc_uname.txt
└── [ 199]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!