One git command may get you hacked (CVE-2014-9390 Exploitation for Shell)

Hello

CVE-2014-9390 is one of the most hilarious vulnerabilities I’ve ever seen. A single git command can get you hacked! I won’t dive into the details of this vulnerability because the official announcements can be found here (https://github.com/blog/1938-git-client-vulnerability-announced and http://article.gmane.org/gmane.linux.kernel/1853266). In short, if you use a case-insensitive operating system like Windows or OS X, you have to update your git client. Do it right now! Otherwise attackers can insert their own pre hooks into your git directory.
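A defensive check for the condition described above, as an added example that is not from the original post: it scans a repository's tree paths for components that equal `.git` only when case is ignored, and reports which of them would land in the hooks directory. The function names and the sample listing are constructed for illustration, and only the case-insensitivity variant mentioned here is covered.

```python
# Added example: flag tree paths that collide with .git on a
# case-insensitive filesystem (the CVE-2014-9390 condition).

def dotgit_collisions(paths):
    """Return (path, inner, top_level) for each path with a component
    that matches '.git' when case is ignored.

    inner     -- the part of the path after the matching component
    top_level -- True if the component sits at the repository root, where
                 it collides with the repository's own .git directory
    """
    findings = []
    for raw in paths:
        parts = raw.split("/")
        for i, part in enumerate(parts):
            # Patched git rejects such a component at any depth.
            if part.lower() == ".git":
                inner = "/".join(parts[i + 1:])
                findings.append((raw, inner, i == 0))
                break
    return findings


def hook_writes(paths):
    """Paths that would drop a file into the root .git/hooks directory."""
    return [p for p, inner, top in dotgit_collisions(paths)
            if top and inner.split("/")[0].lower() == "hooks"]


# Constructed sample, shaped like `git ls-tree -r --name-only HEAD` output.
SAMPLE = [
    "README.md",
    "src/main.c",
    ".Git/hooks/pre-commit",
    "docs/.gitignore",
    "vendor/lib/.GIT/config",
]

if __name__ == "__main__":
    for path, inner, top in dotgit_collisions(SAMPLE):
        where = "repository root" if top else "nested directory"
        print(f"suspicious: {path!r} -> .git/{inner} ({where})")
    print("hook writes:", hook_writes(SAMPLE))
```

Run it against the tree listing of a fetched commit before checking it out on a case-insensitive filesystem; any finding means the repository should not be checked out with an unpatched client.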

Let’s analyze this vulnerability from a penetration tester’s perspective.
