Introduction
# CVE-2024-32002 RCE Submodule
A submodule to demonstrate CVE-2024-32002. Demonstrates Remote Code Execution (RCE) by loading a malicious commit hook into the `.git` directory of the parent repo.
See [cve-2024-32002-poc-rce](https://github.com/JakobTheDev/cve-2024-32002-poc-rce) for the working POC that utilises this repo.
## What this repo contains
- A malicious git hook called `post-checkout`, which runs immediately after the clone completes. This git hook simply pops calc on Windows or macOS.
- The git hook is located under `notexists/hooks` for good reason:
  - `notexists` is needed to make sure the repo clones into an empty directory.
  - `hooks` is the directory in which git looks for git hooks to execute.
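
A defensive check for the layout described above, as an added example that is not part of the original repo: it scans `git ls-tree -r` output for tracked files that sit in a directory named `hooks` and carry a Git hook name. The function names, the hook-name subset and the sample lines (with placeholder object ids) are assumptions made for illustration.

```python
import posixpath

# Client-side hook names Git can run locally (a subset of those in githooks(5)).
HOOK_NAMES = {"post-checkout", "post-merge", "post-commit", "pre-commit",
              "pre-push", "post-rewrite", "pre-rebase"}

def parse_ls_tree(line):
    """Split one `git ls-tree -r` line: '<mode> <type> <object>\\t<path>'."""
    meta, _, path = line.partition("\t")
    mode, objtype, obj = meta.split()
    return mode, objtype, obj, path

def suspicious_hook_entries(ls_tree_output):
    """Return (path, reason) for tracked entries that look like staged Git hooks."""
    findings = []
    for line in ls_tree_output.splitlines():
        if not line.strip():
            continue
        mode, _objtype, _obj, path = parse_ls_tree(line)
        parent = posixpath.basename(posixpath.dirname(path))
        name = posixpath.basename(path)
        # Only a hook-named file directly inside a directory called "hooks" is flagged.
        if parent.lower() != "hooks" or name not in HOOK_NAMES:
            continue
        if mode == "120000":
            reason = "symlink named like a hook"
        elif mode == "100755":
            reason = "executable file named like a hook"
        else:
            reason = "non-executable file named like a hook"
        findings.append((path, reason))
    return findings

# Constructed sample: object ids are placeholders, not real hashes.
SAMPLE = (
    "100644 blob 1111111111111111111111111111111111111111\tREADME.md\n"
    "100755 blob 2222222222222222222222222222222222222222\tnotexists/hooks/post-checkout\n"
    "100644 blob 3333333333333333333333333333333333333333\tdocs/hooks/overview.md\n"
)

if __name__ == "__main__":
    for path, reason in suspicious_hook_entries(SAMPLE):
        print(f"{path}: {reason}")
```
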
File snapshot

```
[4.0K] /data/pocs/a0f7f4b81b84a873c2dbc2fcd16b946156f3f11b
├── [4.0K] notexists
│   └── [4.0K] hooks
│       └── [  91] post-checkout
└── [ 711] README.md

2 directories, 2 files
```