CVE-2018-17456

This PoC demonstrates CVE-2018-17456, an input validation error in Git that allows arbitrary command execution during recursive submodule cloning. The exploit constructs a malicious repository with a crafted `.gitmodules` file to trigger command injection.

The repository contains only a README.md file with minimal information about CVE-2018-17456, lacking any exploit code or technical details. It appears to be a placeholder or stub for a potential proof-of-concept.

The repository contains only README files with minimal content ('test'), providing no functional exploit code or technical details for CVE-2018-17456.

The repository contains only a README.md file with minimal content, stating it is a reproduction of CVE-2018-17456 but providing no code or technical details.

This Dockerfile sets up a test environment for CVE-2018-17456, a Git submodule vulnerability allowing arbitrary command execution via crafted .gitmodules entries. The PoC demonstrates command injection by executing a payload during submodule operations.

This PoC exploits CVE-2018-17456, a vulnerability in Git submodules that allows arbitrary command execution during recursive clone operations. The script constructs a malicious repository with a crafted `.gitmodules` file to trigger the vulnerability.

The writeup explains CVE-2018-17456, a Git RCE vulnerability where a malicious `.gitmodules` file can inject arbitrary commands via the `url` field. The exploit leverages a colon in the path to bypass checks and execute a payload script via the `upload-pack` flag.

This Metasploit module exploits CVE-2018-17456 by creating a malicious Git repository with a submodule URL starting with a dash, which triggers command execution when cloned with --recurse-submodules. The exploit delivers a reverse shell payload via a crafted .gitmodules file.

This is a writeup describing CVE-2018-17456, a vulnerability in Git where a malicious .gitmodules file can lead to arbitrary code execution during a 'git clone --recurse-submodules' operation. The exploit involves crafting a URL field starting with a dash to manipulate the 'git clone' subprocess.