bug fix

lijiejie · lijiejie · commit a3d70b19f29d · 2022-05-09T21:16:57.000+08:00
diff --git a/GitHack.py b/GitHack.py
@@ -48,19 +48,34 @@ def __init__(self):
             f.write(data)
         if not os.path.exists(self.domain):
             os.mkdir(self.domain)
+        self.dest_dir = os.path.abspath(self.domain)
         self.queue = Queue.Queue()
         for entry in parse('index'):
             if "sha1" in entry.keys():
-                if entry["name"].strip().find('..') < 0:
-                    self.queue.put((entry["sha1"].strip(), entry["name"].strip()))
-                try:
-                    print('[+] %s' % entry['name'])
-                except Exception as e:
-                    pass
+                entry_name = entry["name"].strip()
+                if self.is_valid_name(entry_name):
+                    self.queue.put((entry["sha1"].strip(), entry_name))
+                    try:
+                        print('[+] %s' % entry['name'])
+                    except Exception as e:
+                        pass
+
         self.lock = threading.Lock()
         self.thread_count = 10
         self.STOP_ME = False
 
+    def is_valid_name(self, entry_name):
+        if entry_name.find('..') >= 0 or \
+                entry_name.startswith('/') or \
+                entry_name.startswith('\\') or \
+                not os.path.abspath(os.path.join(self.domain, entry_name)).startswith(self.dest_dir):
+            try:
+                print('[ERROR] Invalid entry name: %s' % entry_name)
+            except Exception as e:
+                pass
+            return False
+        return True
+
     @staticmethod
     def _request_data(url):
         request = urllib2.Request(url, None, {'User-Agent': user_agent})
diff --git a/README.md b/README.md
@@ -1,6 +1,9 @@
 # GitHack
 
 
+### This is important
+### All users please git pull to update source code. (2022-05-09)  
+
 GitHack is a `.git` folder disclosure exploit. 
 
 It rebuild source code from .git folder while keep directory structure unchanged.
@@ -11,7 +14,8 @@ GitHack是一个.git泄露利用脚本，通过泄露的.git文件夹下的文
 
 ## Change Log
 
-* 2022-04-07：Fix abitrary file write vulnerability.  Thanks for [@justinsteven](https://github.com/justinsteven)  \'s bug report, it's very helpful.
+* 2022-05-09: Bug fix, thanks  [@justinsteven](https://github.com/justinsteven) . 
+* 2022-04-07：Fix arbitrary file write vulnerability.  Thanks for [@justinsteven](https://github.com/justinsteven)  \'s bug report, it's very helpful.
 * 2022-04-07：Add python3.x support
 
 ## How It works ##
