|    |    |    | Today: 20-Sep-2017 |

Malicious GIT HTTP Server

September 2, 2017 | Posted in ExploitAlert

This Metasploit module exploits CVE-2017-1000117, which affects Git versions 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This Metasploit module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialized.

Source: Malicious GIT HTTP Server

Taged in: Exploit