CVE-2017-1000117

This Metasploit module exploits CVE-2017-1000117 by creating a malicious Git repository with a crafted submodule URL that injects commands via the SSH ProxyCommand parameter when cloned. It simulates a Git HTTP server to deliver the exploit payload.

This repository demonstrates CVE-2017-1000117, a vulnerability in Git where malicious .gitmodules content can execute arbitrary commands during a recursive clone. The PoC triggers the execution of a command that prints a message to the terminal.

The repository lacks actual exploit code and instead provides vague commands to clone another repository and read a file, which is indicative of a social engineering lure rather than a legitimate PoC.

This repository contains a functional proof-of-concept exploit for CVE-2017-1000117, a vulnerability in Git that allows arbitrary command execution via malicious SSH URLs in submodule configurations. The exploit leverages a crafted submodule URL to execute commands on the target system during a Git clone operation.

This repository demonstrates a vulnerability in Git where a malicious repository can execute arbitrary commands (e.g., `ifconfig`) during a recursive clone operation. The exploit leverages a crafted `.gitmodules` file to trigger command execution via a maliciously named submodule.

This repository demonstrates a command injection vulnerability in Git (CVE-2017-1000117) by exploiting improper parsing of SSH URLs, allowing arbitrary command execution during submodule cloning.

This repository contains a proof-of-concept exploit for CVE-2017-1000117, which targets a vulnerability in the SSH server implementation. The exploit writes the output of the `id` command to a file named `vul` in `/var/www/html`.

This repository provides a functional PoC for CVE-2017-1000117, a vulnerability in Git that allows arbitrary command execution during a recursive clone. The exploit writes the output of the `id` command to a file in `/tmp/`.

This is a functional Metasploit module that exploits CVE-2017-1000117 by creating a malicious Git repository with a crafted submodule URL. The exploit triggers command injection when the submodule is cloned, leveraging the SSH ProxyCommand feature to execute arbitrary commands.

The repository lacks actual exploit code and instead instructs users to clone another repository, which is a common social engineering tactic. No technical details about CVE-2017-1000117 are provided.

This repository demonstrates a command injection vulnerability in Git (CVE-2017-1000117) via maliciously crafted SSH URLs in .gitmodules files. The exploit leverages the ProxyCommand feature to execute arbitrary commands when a victim performs a recursive Git clone.

This repository is a placeholder for testing Git's vulnerability CVE-2017-1000117 but contains no actual exploit code or technical details. It references another repository as the original source.

This repository provides a proof-of-concept exploit for CVE-2017-1000117, which involves a vulnerability in Git's recursive clone functionality. The exploit writes the output of the `id` command to a file named `Dagobert` in `/tmp/`.

The repository contains only a README with a link to an external GitLab repository, lacking any actual exploit code or technical details. This is characteristic of a social engineering lure.

This repository contains a functional PoC for CVE-2017-1000117, a vulnerability in OpenSSH's PAM module that allows local privilege escalation. The exploit writes the output of the `id` command to a file in `/var/www/html`, demonstrating arbitrary command execution.

The repository contains only a Dockerfile and a README with minimal content, providing no exploit code or technical details about CVE-2017-1000117. It appears to be a placeholder for a vulnerable container setup without functional exploit demonstration.

The repository contains a README with a git clone command pointing to an external source and a trivial poc.sh script that opens a calculator app, which is unrelated to the CVE. No actual exploit code or technical details are provided.

This repository contains a PoC for CVE-2017-1000117, a vulnerability in SSH servers that allows writing the output of the `id` command to a file. The exploit is designed to work with VulApps, a vulnerable application environment.

This repository contains a functional PoC for CVE-2017-1000117, a vulnerability in Git clients < v2.14.1 that allows arbitrary command execution during recursive clone operations. The exploit demonstrates copying /etc/passwd to /tmp/pwned.txt as proof of RCE.

The repository contains only a minimal README with no exploit code or technical details. It appears to be a placeholder or test repository.

This repository contains a functional exploit for CVE-2017-1000117, which leverages a Git submodule vulnerability to execute arbitrary code during a recursive clone. The exploit starts a Python HTTP server on port 12345 and modifies the /etc/hosts file.

The repository contains only a README.md file with minimal content (just the CVE identifier) and no exploit code or technical details. It appears to be a placeholder or incomplete submission.

This repository demonstrates CVE-2017-1000117, a Git vulnerability where malicious .gitmodules files can execute arbitrary commands during recursive clone. The exploit uses a crafted submodule URL with a ProxyCommand to decode and execute a base64-encoded script (upgrade.sh).

This repository demonstrates CVE-2017-1000117, a vulnerability in Git where malicious submodule URLs can execute arbitrary commands during submodule operations. The exploit leverages the ProxyCommand feature in SSH URLs to decode and execute a base64-encoded, gzip-compressed payload.

The repository contains a Dockerfile and a minimal README but lacks actual exploit code or technical details about CVE-2017-1000117. It appears to be a placeholder or build environment setup without functional PoC code.

The repository contains a reverse shell script without any context or technical details about CVE-2017-1000117. The README is minimal and lacks legitimate vulnerability analysis.

This Metasploit module exploits CVE-2017-1000117 by creating a malicious Git repository with a crafted submodule that injects commands via the SSH ProxyCommand parameter when cloned. It triggers RCE by leveraging incorrect parameter handling in Git versions 2.7.5 and below.