Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-6574 PoC — Google Go 安全漏洞

Source
https://github.com/hasharmujahid/CVE-2018-6574-go-get-RCE
Associated Vulnerability
Title:Google Go 安全漏洞 (CVE-2018-6574)
Description:Google Go是美国谷歌(Google)公司的一种针对多处理器系统应用程序的编程进行了优化的编程语言。 Google Go 1.8.7之前版本、1.9.4之前的1.9.x版本和1.10rc2之前的1.10 pre-releases版本中存在安全漏洞。远程攻击者可利用该漏洞执行命令。
Description
The issue is due to the fact that when installing a package, Golang will build native extensions. This can be used to pass additional flags to the compiler to gain code execution. For example, CFLAGS can be used.
Readme
# CVE-2018-6574-go-get-RCE
The issue is due to the fact that when installing a package, Golang will build native extensions. This can be used to pass additional flags to the compiler to gain code execution. For example, CFLAGS can be used.

You can build it using the following command:
$ gcc -shared -o attack.so -fPIC attack.c
Once you host your full payload on Github, you should be able to pass the package link to the victim.
File Snapshot

 [4.0K]  /data/pocs/7a7902d7aa59dd073d7d14d0f0a2cc6b333f5666
├── [ 187]  attack.c
├── [ 15K]  attack.so
├── [ 333]  main.go
└── [ 432]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.