Displaying 3 results from an estimated 3 matches for "embeddedprivatekey".
2023 Jul 03
1
Subsystem sftp invoked even though forced command created
On 30.06.23 17:56, MCMANUS, MICHAEL P wrote:
> The actual command is similar to the following (parameters inserted to protect the source):
> (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \
> ssh -Ti ${EmbeddedPrivateKey} \
> -o HostKeyAlias="${Alias}" \
> -o GlobalKnownHostsFile="${EmbeddedKnownHosts}" \
> -o UserKnownHostsFile="${ClientSpecificKnownHosts}" \
> -o StrictHostKeyChecking="yes" \
...
2023 Jul 06
1
Subsystem sftp invoked even though forced command created
...ipt obviously accepts input from stdin (note the "-T" given to ssh,
so no tty):
>> The actual command is similar to the following (parameters inserted to protect the source):
>> (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \
>> ssh -Ti ${EmbeddedPrivateKey} ...
and that it's conceivable that WinSCP might send a command line
executing sftp-server, just in case the server provides it with a login
shell instead of calling the SFTP subsystem directly; hence the theory
that the script has some command injection vulnerability.
Does the exploit sti...
2023 Jul 05
1
Subsystem sftp invoked even though forced command created
...2023, Jochen Bern wrote:
> On 30.06.23 17:56, MCMANUS, MICHAEL P wrote:
> > The actual command is similar to the following (parameters inserted to
> > protect the source):
> > (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \
> > ssh -Ti ${EmbeddedPrivateKey} \
> > -o HostKeyAlias="${Alias}" \
> > -o GlobalKnownHostsFile="${EmbeddedKnownHosts}" \
> > -o UserKnownHostsFile="${ClientSpecificKnownHosts}" \
> > -o StrictHostKeyChecking...