Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955-Go
Last synced: 21 days ago
- Host: GitHub
- URL: https://github.com/ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955-Go
- Owner: ExploitBox
- Created: 2020-11-04T16:43:04.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2020-11-04T19:09:31.000Z (about 4 years ago)
- Last Synced: 2024-05-02T18:08:46.249Z (7 months ago)
- Language: Go
- Size: 1.26 MB
- Stars: 14
- Watchers: 3
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955-Go - (Go)
README
# Git-lfs Remote Code Execution (RCE) exploit CVE-2020-27955 (Go version)
## Vulnerable: git, GitHub CLI (gh), GitHub Desktop, Visual Studio Code, SourceTree, SmartGit, GitKraken etc.

Discovered by **Dawid Golunski**
* https://legalhackers.com
* https://exploitbox.io

Tested on Windows on:
git, GitHub CLI (gh), GitHub Desktop, Visual Studio Code, SourceTree, SmartGit, GitKraken etc.
Basically, the whole Windows dev world ;)
Check out the full advisories for details and patch information:
* https://exploitbox.io/vuln/Git-Git-LFS-RCE-Exploit-CVE-2020-27955.html
* https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html

Video PoC:
* https://youtu.be/tlptOf9w274

There's also a BAT / PowerShell version of this exploit in a repo with LFS enabled already:
* https://github.com/ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955

```
.;lc'
.,cdkkOOOko;.
.,lxxkkkkOOOO000Ol'
.':oxxxxxkkkkOOOO0000KK0x:'
.;ldxxxxxxxxkxl,.'lk0000KKKXXXKd;.
':oxxxxxxxxxxo;. .:oOKKKXXXNNNNOl.
'';ldxxxxxdc,. ,oOXXXNNNXd;,.
.ddc;,,:c;. ,c: .cxxc:;:ox:
.dxxxxo, ., ,kMMM0:. ., .lxxxxx:
.dxxxxxc lW. oMMMMMMMK d0 .xxxxxx:
.dxxxxxc .0k.,KWMMMWNo :X: .xxxxxx:
.dxxxxxc .xN0xxxxxxxkXK, .xxxxxx:
.dxxxxxc lddOMMMMWd0MMMMKddd. .xxxxxx:
.dxxxxxc .cNMMMN.oMMMMx' .xxxxxx:
.dxxxxxc lKo;dNMN.oMM0;:Ok. 'xxxxxx:
.dxxxxxc ;Mc .lx.:o, Kl 'xxxxxx:
.dxxxxxdl;. ., .. .;cdxxxxxx:
.dxxxxxxxxxdc,. 'cdkkxxxxxxxx:
.':oxxxxxxxxxdl;. .;lxkkkkkxxxxdc,.
.;ldxxxxxxxxxdc, .cxkkkkkkkkkxd:.
.':oxxxxxxxxx.ckkkkkkkkxl,.
.,cdxxxxx.ckkkkkxc.
.':odx.ckxl,.
.,.'.
```

https://exploitbox.io
https://twitter.com/Exploit_Box

Stay tuned