CVE-2019-13115 PoC — libssh2 Input Validation Error Vulnerability

Source
Associated Vulnerability
Title: libssh2 Input Validation Error Vulnerability (CVE-2019-13115)
Description: In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.
Description
Create an exploit for the libssh2 vulnerability described in CVE-2019-13115
Readme
# libssh2-Exploit
Create an exploit for the libssh2 vulnerability described in CVE-2019-13115

Goals
=====
1. Establish an openssh server. // Complete by Oct 20
2. Create a libssh2 cpp client and establish connectivity to server. // Complete by Oct 20
3. Modify the server to trigger a crash in client. // Complete by Oct 31
4. Modify the server to retrieve sensitive data from client. // Complete by Oct 31
5. Explore real world applications using libssh2 and see if our malicious server can be used to exploit those. // Complete by Oct 31