CVE-2018-6574 PoC — Google Go 安全漏洞

Source

https://github.com/seoqqq/CVE-2018-6574

Associated Vulnerability

Title:Google Go 安全漏洞 (CVE-2018-6574)
Description:Google Go是美国谷歌（Google）公司的一种针对多处理器系统应用程序的编程进行了优化的编程语言。 Google Go 1.8.7之前版本、1.9.4之前的1.9.x版本和1.10rc2之前的1.10 pre-releases版本中存在安全漏洞。远程攻击者可利用该漏洞执行命令。

Description

Remote command execution in Golang go get command allows an attacker to gain code execution on a system by installing a malicious library.

Readme

# CVE-2018-6574

Remote command execution in `Golang` go get command.

CVE-2018-6574 this vulnerability impacts Golang go get command and allows an attacker to gain code execution on a system by installing a malicious library, this vulnerability was fixed in Go 1.8.7, 1.9.4 and 1.10rc2.

Golang will build native extensions. This can be used to pass additional flags to the compiler to gain code execution. For example, `CFLAGS` can be used.

File Snapshot


 [4.0K]  /data/pocs/bdf3b86a759ed6ad764db17d0a52ff747717b693
├── [ 183]  aaa.c
├── [ 15K]  attack (1).so
├── [ 183]  attack.c
├── [ 15K]  attack.so
├── [ 134]  exploit.c
├── [ 334]  main.go
└── [ 443]  README.md

0 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!