Exploitation Summary
EIP tracks 22 public exploits for CVE-2018-11235. PoCs published by qazbnm456, Rogdham, xbl3.
AI-analyzed exploit summary This repository provides a detailed writeup and references for CVE-2018-11235, a Git remote code execution vulnerability. It includes links to external PoCs and technical analysis but does not contain exploit code itself.
Description
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Exploits (22)
This repository provides a detailed writeup and references for CVE-2018-11235, a Git remote code execution vulnerability. It includes links to external PoCs and technical analysis but does not contain exploit code itself.
This PoC exploits CVE-2018-11235, a Git vulnerability where arbitrary commands are executed during a recursive submodule clone due to improper path sanitization. The exploit constructs a malicious repository with a symlink and hook to trigger command execution.
This repository provides references and links to external resources related to CVE-2018-11235, a Git RCE vulnerability. It includes links to PoC repositories, ExploitDB entries, and technical writeups but does not contain actual exploit code.
This PoC demonstrates CVE-2018-11235, a Git submodule vulnerability allowing RCE via malicious hooks. The exploit constructs a Git repository with a submodule containing a malicious post-checkout hook that executes arbitrary code during clone.
This PoC exploits CVE-2018-11235, a Git submodule vulnerability allowing arbitrary command execution via malicious hooks. The exploit involves directory traversal and hook manipulation to achieve RCE when cloning a repository with submodules.
This PoC exploits CVE-2018-11235, a Git submodule vulnerability allowing RCE via malicious hooks. It sets up a malicious Git repository with a crafted post-checkout hook to execute arbitrary commands upon cloning.
This repository contains a proof-of-concept exploit for CVE-2018-11235, a Git vulnerability that allows arbitrary code execution via malicious .gitmodules files. The exploit constructs a Git repository with a submodule that triggers the vulnerability when cloned recursively.
This PoC exploits CVE-2018-11235, a Git submodule vulnerability, to achieve RCE by injecting malicious hooks during a recursive clone. The attacker's SSH key is added to the victim's authorized_keys, enabling remote access.
This repository contains a functional exploit for CVE-2018-11235, a Git submodule vulnerability that allows arbitrary command execution during recursive submodule cloning. The exploit constructs a malicious repository that triggers a reverse shell when cloned with `--recurse-submodules`.
This repository contains a functional PoC for CVE-2018-11235, a Git submodule vulnerability that allows arbitrary command execution during recursive submodule cloning. The exploit constructs a malicious repository with a symlink and post-checkout hook to execute arbitrary code.
This repository contains a functional proof-of-concept exploit for CVE-2018-11235, a Git vulnerability allowing remote code execution via malicious submodule hooks. The script automates the creation of a malicious Git repository and configures Apache2 to serve it.
This repository provides a proof-of-concept for CVE-2018-11235, a Git submodule vulnerability that allows remote code execution via malicious hooks. It includes Docker configurations and Ngrok tunneling to expose the exploit server.
This PoC exploits CVE-2018-11235, a Git vulnerability allowing arbitrary code execution via malicious submodule paths. The repository structure demonstrates the exploit by registering submodules with crafted paths to trigger the vulnerability.
The repository claims to be a PoC for CVE-2018-11235 but contains no exploit code. It only includes placeholder README files and a forked example project (Spoon-Knife).
The repository contains only a README.md file with the CVE identifier and no exploit code or technical details. It appears to be a placeholder or incomplete submission.
This repository contains a functional proof-of-concept exploit for CVE-2018-11235, which leverages Git submodule path traversal to execute arbitrary commands via a malicious post-checkout hook. The PoC demonstrates the vulnerability by creating a crafted Git repository with a submodule that triggers command execution during clone.
The repository contains only a README.md file with the CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or stub.
This repository contains a functional exploit for CVE-2018-11235, which leverages a vulnerability in Git's submodule handling to achieve remote code execution. The exploit creates a malicious Git repository that, when cloned with the --recurse-submodules flag, executes arbitrary code via a crafted post-checkout hook.
This PoC exploits CVE-2018-11235, a Git submodule vulnerability in Git versions before 2.13.7, 2.14.4, 2.15.2, 2.16.4, and 2.17.1. It demonstrates arbitrary code execution via malicious hooks in a submodule during recursive clone operations.
This repository contains only a README.md file describing CVE-2018-11235, an RCE vulnerability in Git's submodule cloning functionality. No exploit code or technical details are provided.
References (11)
Scores
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H