Displaying 1 result from an estimated 1 matches for "mchome".
Did you mean:
pchome
2012 Apr 17
2
[Bug 1998] New: Arbitrary command execution using SCP
...Priority: P2
Component: scp
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: vitja.makarov at gmail.com
Hi!
I'm not sure is that a bug or a future. Since SCP doesn't escape
filenames it's possible to execute an arbitrary command:
localhost:~$ scp 'mchome:foo;echo 123 > foo' /tmp/foo
scp: foo: No such file or directory
localhost:~$ scp 'mchome:foo;echo 123 > foo' /tmp/foo
foo
100% 4 0.0KB/s 00:00
localhost:~$ cat /tmp/foo
123
I've tra...