Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-1000117 PoC — Git 命令注入漏洞

Source
https://github.com/greymd/CVE-2017-1000117
Associated Vulnerability
Title:Git 命令注入漏洞 (CVE-2017-1000117)
Description:A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Description
Check Git's vulnerability CVE-2017-1000117
Readme
Test repository to check Git's vulnerability [CVE-2017-1000117](https://access.redhat.com/security/cve/cve-2017-1000117)

## How it works?

Clone this repository recursively.
The sentence 「うんこもりもり」(which means like "Lots of shit.") will be shown on your terminal.

```
$ git clone --recursive https://github.com/greymd/CVE-2017-1000117.git
Cloning into 'CVE-2017-1000117'...
remote: Counting objects: 5, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 5 (delta 0), reused 5 (delta 0), pack-reused 0

...

    "mm
    mmmm          "m           "mmmmm
  ""    #         m"               "
        #        m#m          m
       #        m"  #   m     "m     m
     m"        m"   "mm"        """""
   m            m   m          m            m   m
  mm#            # # "m       mm#            # # "m
   m"#"          ##   #        m"#"          ##   #
 ""#mm "m        #    #      ""#mm "m        #    #
   #    #            #         #    #            #
    "mm"           m"           "mm"           m"

...

```

## Tested on:

* Linux (Ubuntu 16.04)
* macOS Sierra
* Windows 64bit -- Cygwin
* Windows 64bit -- Git Bash (MinGW-w64)
File Snapshot

 [4.0K]  /data/pocs/ca766ac5e7cf7274077c69ab0361edc57c5c49cc
├── [ 230]  file
├── [4.0K]  morimori
└── [1.1K]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →