CVE-2018-11235: Git Submodule RCE
This exercise details the exploitation of a vulnerability in Git Sub module that can be used to get command execution
In this course, we delve into the exploitation of a remote command execution vulnerability in Git, documented as CVE-2018-11235. The vulnerability can be weaponized to target users who clone a remote directory, potentially allowing malicious code execution on their systems. The course walks you through the process of setting up your own Git repository using Apache2, as popular hosting services like GitHub and GitLab have implemented protections against this attack.
You will learn step-by-step instructions to create a malicious Git repository, including configuring submodules and injecting directory traversal techniques. By the end of the course, you will have a comprehensive understanding of how to exploit this vulnerability, along with a better grasp of Git's internal structure and the security measures necessary to safeguard against such attacks.