Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2018-11235 PoC — Git 安全漏洞

Source
https://github.com/vmotos/CVE-2018-11235
Associated Vulnerability
Title:Git 安全漏洞 (CVE-2018-11235)
Description:In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Description
RCE vulnerability to exec "git clone --recurse-submodule" (CVE-2018-11235)
Readme
# CVE-2018-11235
RCE vulnerability to exec "git clone --recurse-submodule" (CVE-2018-11235 )
File Snapshot

 [4.0K]  /data/pocs/b66b919be2b7b8db1fc2213e6b0505c2d7cb7e6d
├── [  18]  malicious -> modules/malicious/
├── [  18]  maliciouslink -> modules/malicious/
├── [4.0K]  modules
│   └── [4.0K]  malicious
│       ├── [4.0K]  hooks
│       │   └── [  40]  post-checkout
│       ├── [   9]  malicious -> malicious
│       └── [  13]  maliciouslink -> maliciouslink
├── [4.0K]  multi-openvpn
└── [  93]  README.md

6 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →