CVE-2019-13000 PoC — Eclair 安全漏洞

Source

Associated Vulnerability

Description

A tool that detect if your node has been victim of the invalid funding tx attack.

Readme

# Detection tool for CVE 2019-13000

A tool that detect if your node has been victim of the invalid funding tx attack.

## Usage

```shell
java -jar checkfunding.jar --db eclair.sqlite
```

## Help

```shell
$ java -jar checkfunding.jar --help
checkfunding 1.0
Usage: checkfunding [options]

  --db <eclair.sqlite>  path to eclair.sqlite
  --conf <eclair.conf>  path to eclair.conf
  --help                prints this usage text

This utility will detect if your node has been victim of CVE-2019-13000.
Please see the thread on https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-August/002130.html for more details on the vulnerability.

NB: This tool will only work if you have been using released versions of Eclair. If you are on e.g. latest master, please contact support.

Example: checkfunding --db /path/to/eclair.sqlite --conf /path/to/eclair.conf

```

File Snapshot

 [4.0K]  /data/pocs/845b86d7eb84fd7f737b5577a558c6db6ec287eb
├── [7.2K]  pom.xml
├── [ 873]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  resources
        │   └── [1.0K]  logback.xml
        └── [4.0K]  scala
            └── [4.0K]  fr
                └── [4.0K]  acinq
                    └── [4.0K]  eclair
                        └── [4.0K]  checkfunding
                            ├── [2.0K]  Boot.scala
                            ├── [2.9K]  CheckBitcoind.scala
                            ├── [3.6K]  CheckFunding.scala
                            └── [ 888]  Conf.scala

8 directories, 7 files

Remarks