Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerabilities reported by Justin Steven #21

Open
WangYihang opened this issue Jan 31, 2022 · 0 comments
Open

Vulnerabilities reported by Justin Steven #21

WangYihang opened this issue Jan 31, 2022 · 0 comments
Assignees
@WangYihang
Labels
vulnerability

Comments

@WangYihang
Copy link
Owner

No description provided.

@WangYihang WangYihang self-assigned this Jan 31, 2022
WangYihang added a commit that referenced this issue Jan 31, 2022
@WangYihang
fix(__init__.py): fix incorrect path handling #21
9f29855 
When GitHacker meets Apache/Nginx with folder Indexes enabled, it will
recursively download `.git` folder. GitHacker incorrectly trust the
hyperlink from the Apache/Nginx, that allows to write arbitrary content
into arbitrary file on the GitHacker users machine.

This issue is reported by Justin Steven
<https://twitter.com/justinsteven>. Thanks a lot for his excellent work
and his responsible disclosure.
WangYihang added a commit that referenced this issue Jan 31, 2022
@WangYihang
fix(__init__.py): fix incorrect path handling #21
f97710c 
When GitHacker meets Apache/Nginx with folder Indexes enabled, it will
recursively download `.git` folder. GitHacker incorrectly trust the
hyperlink from the Apache/Nginx, that allows to write arbitrary content
into arbitrary file on the GitHacker users machine.

This issue is reported by Justin Steven
<https://twitter.com/justinsteven>. Thanks a lot for his excellent work
and his responsible disclosure.
WangYihang added a commit that referenced this issue Mar 1, 2022
@WangYihang
fix(*): #21 fix RCE via core.fsmonitor in .git/config and `.git/h…
f691b18 
…ooks/*`
WangYihang added a commit that referenced this issue Mar 1, 2022
@WangYihang
fix(*): #21 fix RCE via core.fsmonitor in .git/config and `.git/h…
834dcd6 
…ooks/*`

this vulnerability is cause by unexpected trust of `core.fsmonitor`
in `.git/config` and `.git/hooks/*`. these git files could be dangerous
when GitHacker is interacting with git.

so, to prevent the user of GitHacker from malicous remote `.git` folder,
GitHacker will not download these files by default. But, if you insist,
you can enable downloading them by provide the command line argument:
`--enable-manually-check-dangerous-git-files=false`, then GitHacker
will display the content fo the dangerous files before saving into the
temporary repo folder. NOTICE, you should be very careful with those
files. I highly recommend you run GitHacker in a jailed environment such
as Docker container.
WangYihang added a commit that referenced this issue Mar 4, 2022
@WangYihang
fix(*): #21 fix RCE via dangerous configs in .git/config and `.git/…
806095e 
…hooks/*`

this vulnerability is cause by unexpected trust of some dangerous configs
in `.git/config` and `.git/hooks/*`. these git files could be dangerous
when GitHacker is interacting with git.

so, to prevent the user of GitHacker from malicous remote `.git` folder,
GitHacker will not download these files by default. But, if you insist,
you can enable downloading them by provide the command line argument:
`--enable-manually-check-dangerous-git-files=false`, then GitHacker
will display the content fo the dangerous files before saving into the
temporary repo folder. NOTICE, you should be very careful with those
files. I highly recommend you run GitHacker in a jailed environment such
as Docker container.
WangYihang added a commit that referenced this issue Jul 26, 2022
@WangYihang
fix(#21, #23, #24): solve stash and logs missing issue,
c9188df
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@WangYihang WangYihang

Labels
vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@WangYihang