SSH ProxyCommand == unexpected code execution (CVE-2023-51385 POC)

SSH ProxyCommand == unexpected code execution (CVE-2023-51385 POC)

vtxt by Prapattimynk

SSH’s ProxyCommand is a feature quite widely used to proxy ssh connections by allowing to specify custom commands to be used to connect to the server. Arguments to this directive may contain

Android Android 5.0Exploits And POCs
( 747 ratings )
Price: $0
File CVE-2023-51385 POC
Publisher Prapattimynk
Genre Exploits And POCs
Size -
File Type txt
Os All
Mod Version txt
Report Report
CVE-2023-51385 POC is the most famous version in the CVE-2023-51385 POC series of publisher
Download

SSH’s ProxyCommand is a feature quite widely used to proxy ssh connections by allowing to specify custom commands to be used to connect to the server. Arguments to this directive may contain tokens like %h%u which refer to hostname and username respectively.

When coming from untrusted sources, a hostname can be malicious and look something like `malicious-command` (backticks would allow a command to be executed in shell)

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.



Recommended for You

You may also like

Comments

Your email address will not be published. Required fields are marked *

Next Post X
Ads Blocker Image Powered by Code Help Pro

AdBlocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.