CVE-2018-6574 PoC — Google Go 安全漏洞

Source

https://github.com/AdriVillaB/CVE-2018-6574

Associated Vulnerability

Title:Google Go 安全漏洞 (CVE-2018-6574)
Description:Google Go是美国谷歌（Google）公司的一种针对多处理器系统应用程序的编程进行了优化的编程语言。 Google Go 1.8.7之前版本、1.9.4之前的1.9.x版本和1.10rc2之前的1.10 pre-releases版本中存在安全漏洞。远程攻击者可利用该漏洞执行命令。

Readme

This repository holds a PoC of the CVE-2018-6574 "go get RCE", that allowed to execute commands when downloading a 3rd party package. This could be done, as the cflags allowed to set an external library. In this PoC, the external library executes a command on the constructor

File Snapshot


 [4.0K]  /data/pocs/f6a996545d09b1b0cd4044a52f68648392154965
├── [ 197]  exploit.c
├── [ 16K]  exploit.so
├── [ 189]  main.go
└── [ 276]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!