CVE-2020-15778 POC (Proof-of-Concept)

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Published: 2020-07-24

CVSS: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Download CVE-2020-15778 POC (Proof-of-Concept) here:

http://zeroday4n6aaxjruc5jgvulkdgy4mkioom5g6q7l3nz475a62vmamiyd.onion/exploit-for-cve-2020-15778.776/

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

https://connollyfinan.ie/poc-294-cve-2017-7269/

https://connollyfinan.ie/poc-137-cve-2024-30361/

https://connollyfinan.ie/poc-632-cve-2022-37434/

https://connollyfinan.ie/poc-619-cve-2019-0232/

https://connollyfinan.ie/poc-333-cve-2017-10271/