Skip to content

CVE-2018-6574 POC : golang 'go get' remote command execution during source code build

Notifications You must be signed in to change notification settings

neargle/Go-Get-RCE-CVE-2018-6574-POC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2018-6574 POC

LINK

RUN

go get github.com/neargle/CVE-2018-6574-POC

DETAIL

payload 在: https://github.com/neargle/CVE-2018-6574-POC/blob/master/calc.c#L10

现在已经用 CGO 的特性支持了全平台,linux go get 之后会新建一个 /tmp/go-rce-poc 文件,MAC 和 Windows 还是老套的弹计算器。

PS. Windows 的部分 GCC 可能没有 --enable-plugin 支持, 会爆 error: plugin support is disabled; configure with --enable-plugin. 当前的 POC 需要 gcc 支持 --enable-plugin.

VERSION

  • before 1.8.7
  • before 1.9.4
  • before Go 1.10rc2

THX

KINGSABRI

About

CVE-2018-6574 POC : golang 'go get' remote command execution during source code build

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published