CVE-2022-23642 PoC — Sourcegraph Code Injection Vulnerability

Associated Vulnerability
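Title: Sourcegraph Code Injection Vulnerability (CVE-2022-23642)
Description: Sourcegraph is an open-source code search and navigation tool from the US company Sourcegraph. Sourcegraph has a code injection vulnerability that allows an attacker to set git's core.sshCommand option, which makes git use the specified command instead of ssh when it needs to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker who is able to make HTTP requests to internal services such as gitserver can exploit it.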
Description
PoC for Sourcegraph Gitserver < 3.37.0 RCE (CVE-2022-23642)
Readme
# PoC for Sourcegraph Gitserver < 3.37.0 RCE (CVE-2022-23642)

Sourcegraph prior to 3.37.0 has a remote code execution vulnerability in its gitserver service. gitserver does not restrict execution of `git config`, so `core.sshCommand` can be passed in the HTTP arguments, and its value can contain arbitrary bash commands. Note that this is only possible if gitserver is exposed to the attacker. This was tested on [Sourcegraph 3.36.3](https://github.com/sourcegraph/sourcegraph/releases/tag/v3.36.3).
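The missing restriction described above can be expressed as an allowlist check on the git argument vector before anything is executed. This is an added example, not code from this repository or from Sourcegraph; `ValidateGitArgs`, `ErrRejected` and the contents of `allowedSubcommands` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// allowedSubcommands is a hypothetical allowlist for this example; a real
// service would list only the read-only git subcommands it actually needs.
var allowedSubcommands = map[string]bool{
	"log": true, "show": true, "rev-parse": true, "ls-tree": true,
}

// ErrRejected wraps every refusal so callers can test with errors.Is.
var ErrRejected = errors.New("git arguments rejected")

// ValidateGitArgs checks the arguments a client asks the service to pass to
// git (everything after the "git" binary name) before the process is started.
func ValidateGitArgs(args []string) error {
	if len(args) == 0 {
		return fmt.Errorf("%w: empty argument list", ErrRejected)
	}
	// The first argument must be the subcommand. A leading dash means a global
	// option such as "-c key=value", which sets config for one invocation.
	sub := args[0]
	if strings.HasPrefix(sub, "-") {
		return fmt.Errorf("%w: global option %q before subcommand", ErrRejected, sub)
	}
	// Allowlisting subcommands, rather than matching the key name, also covers
	// case variants (git config keys are case-insensitive): "config" is simply
	// never permitted, so core.sshCommand cannot be written.
	if !allowedSubcommands[sub] {
		return fmt.Errorf("%w: subcommand %q is not allowed", ErrRejected, sub)
	}
	return nil
}

func main() {
	// Constructed sample argument lists, not taken from the original PoC.
	samples := [][]string{
		{"log", "-n", "5"},
		{"config", "core.sshCommand", "PLACEHOLDER_COMMAND"},
		{"-c", "core.sshcommand=PLACEHOLDER_COMMAND", "log"},
	}
	for _, s := range samples {
		fmt.Printf("%q -> %v\n", s, ValidateGitArgs(s))
	}
}
```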

## Docker setup for testing

A Sourcegraph Docker container, version 3.63.3, was used for the testing. The gitserver port 3178 was also exposed.

## Exploitation parameters:
- Exposed Sourcegraph gitserver
- Existing repo on Sourcegraph

## POC

![gif](CVE-2022-23642.gif)


## References:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23642
- https://github.com/sourcegraph/sourcegraph
File Snapshot

[4.0K] /data/pocs/f4586acfc042bfef957ba96b6a65ca8f1d6ef211
├── [411K] CVE-2022-23642.gif
├── [1.4K] exploit.py
└── [ 903] README.md

0 directories, 3 files