关联漏洞
标题:
Google Go 安全漏洞
(CVE-2018-6574)
描述:Google Go是美国谷歌(Google)公司的一种针对多处理器系统应用程序的编程进行了优化的编程语言。 Google Go 1.8.7之前版本、1.9.4之前的1.9.x版本和1.10rc2之前的1.10 pre-releases版本中存在安全漏洞。远程攻击者可利用该漏洞执行命令。
描述
The issue is due to the fact that when installing a package, Golang will build native extensions. This can be used to pass additional flags to the compiler to gain code execution. For example, CFLAGS can be used.
介绍
# CVE-2018-6574-go-get-RCE
The issue is due to the fact that when installing a package, Golang will build native extensions. This can be used to pass additional flags to the compiler to gain code execution. For example, CFLAGS can be used.
You can build it using the following command:
$ gcc -shared -o attack.so -fPIC attack.c
Once you host your full payload on Github, you should be able to pass the package link to the victim.
文件快照
[4.0K] /data/pocs/7a7902d7aa59dd073d7d14d0f0a2cc6b333f5666
├── [ 187] attack.c
├── [ 15K] attack.so
├── [ 333] main.go
└── [ 432] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。