Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2018-11235 PoC — Git 安全漏洞

Source
https://github.com/j4k0m/CVE-2018-11235
Associated Vulnerability
Title:Git 安全漏洞 (CVE-2018-11235)
Description:In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Description
Auto malicious git repository creation to exploit CVE-2018-11235 a Remote Code Execution using Git Sub module.
Readme
# CVE-2018-11235
Auto malicious git repository creation to exploit CVE-2018-11235 a Remote Code Execution using Git Sub module.

# Blog Post:
- https://devblogs.microsoft.com/devops/announcing-the-may-2018-git-security-vulnerability/
File Snapshot

 [4.0K]  /data/pocs/21218c3512b4a448ede5f73222a0e237aec12eba
├── [ 807]  exploit.sh
└── [ 234]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →