avatar
Git LFS Clone Command Execution Exploit

Anon666Exp3rt 0.9K 1st Sep, 2021

Loading Please wait...
Description

CVE-2021-21300 | remote exploits | Git clients that support delay-capable clean / smudge filters and symbolic links on case-insensitive file systems are vulnerable to remote code execution while cloning a repository. Usage of clean / smudge filters through Git LFS and a case-insensitive file system changes the checkout order of repository files which enables the placement of a Git hook in the .git/hooks directory. By default, this Metasploit module writes a post-checkout script so that the payload will automatically be executed upon checkout of the repository.

To share this paste please copy this url and send to your friends
RAW Paste Data
Recent Pastes