CVE-2018-11235 PoC — Git 安全漏洞

Source

https://github.com/vmotos/CVE-2018-11235

Associated Vulnerability

Title:Git 安全漏洞 (CVE-2018-11235)
Description:Git是美国软件开发者林纳斯-托瓦兹（Linus Torvalds）所研发的一套免费、开源的分布式版本控制系统。 Git中存在安全漏洞，该漏洞源于在将子模块名称添加到$GIT_DIR/modules目录下时，程序没有正确的验证来自不可信.gitmodules文件的子模块名称。远程攻击者可借助特制的.gitmodules文件利用该漏洞执行任意代码。以下版本受到影响：Git 2.13.7之前版本，2.14.4之前的2.14.x版本，2.15.2之前的2.15.x版本，2.16.4之前的2.16.x版本，2.1

Description

RCE vulnerability to exec "git clone --recurse-submodule" (CVE-2018-11235)

Readme

# CVE-2018-11235
RCE vulnerability to exec "git clone --recurse-submodule" (CVE-2018-11235 )

File Snapshot


 [4.0K]  /data/pocs/b66b919be2b7b8db1fc2213e6b0505c2d7cb7e6d
├── [  18]  malicious -> modules/malicious/
├── [  18]  maliciouslink -> modules/malicious/
├── [4.0K]  modules
│   └── [4.0K]  malicious
│       ├── [4.0K]  hooks
│       │   └── [  40]  post-checkout
│       ├── [   9]  malicious -> malicious
│       └── [  13]  maliciouslink -> maliciouslink
├── [4.0K]  multi-openvpn
└── [  93]  README.md

6 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!