CVE-2024-39930

This exploit leverages an SSH argument injection vulnerability in Gogs (CVE-2024-39930) to achieve remote code execution. It automates the process of obtaining an API token, creating a repository, adding an SSH key, and executing arbitrary commands via a crafted SSH session.

The repository contains functional exploit code for CVE-2024-39930, including a Python script (`exploit.py`) that demonstrates the vulnerability. The exploit targets an authentication bypass in TOTOLINK devices by manipulating the `authCode` parameter.

This repository contains a functional PoC for CVE-2024-39930, which mitigates ptrace-based detection by intercepting and denying specific execve syscalls. The code uses ptrace to monitor and manipulate process execution, particularly targeting commands with split-string options.

This repository contains a functional exploit for CVE-2024-39930, targeting Gogs versions <= 0.13.0. The exploit leverages SSH argument injection to achieve remote code execution by uploading an SSH key and executing commands via the git-upload-pack mechanism.

This repository contains a functional exploit for CVE-2024-39930, targeting Gogs' SSH server to achieve remote code execution (RCE) via argument injection. The exploit automates API token acquisition, repository creation, SSH key management, and command execution through a crafted SSH session.