来源

关联漏洞

描述

This repository contains a proof-of-concept (PoC) for exploiting the OpenSSH ProxyCommand vulnerability — CVE-2025-51385 — affecting OpenSSH servers <9.6 Version

介绍

### 🔐 CVE-2023-51385 - OpenSSH ProxyCommand Injection PoC

This repository contains a **proof-of-concept** for CVE-2023-51385, a command injection vulnerability in **OpenSSH's ProxyCommand** option. An attacker with control over SSH configuration or untrusted `ProxyCommand` strings can potentially achieve arbitrary code execution.

📌 **Impact**: Arbitrary command execution via malicious or improperly handled `ProxyCommand` values.
⚠️ **Affected Versions**: OpenSSH versions prior to the patch for CVE-2023-51385.
🔬 **PoC**: Demonstrates how exploitation can occur using a crafted SSH config or command-line input.

> **Note**: This PoC is for **educational and authorized testing purposes only**. Do not use against systems without permission.
>
## Summary

CVE-2023-51385 is a **command injection vulnerability** affecting OpenSSH's `ProxyCommand` option. Under specific conditions, an attacker can exploit improper escaping in SSH configuration or arguments to inject arbitrary commands.

This repository provides a **Proof-of-Concept (PoC)** demonstrating the vulnerability for **educational and authorized penetration testing**.

---

## ⚠️ Affected Versions

- **OpenSSH prior to version 9.8**  
- Vulnerable platforms include Unix/Linux systems where SSH client-side configs or CLI arguments are user-controlled.

---

## 🧠 Vulnerability Details

The issue arises due to **improper sanitization of the `ProxyCommand` value**. If an attacker can influence the `ProxyCommand` field in `.ssh/config` or via CLI, they may inject shell commands.

文件快照

 [4.0K]  /data/pocs/2a6dec07fae86e2740fc4b27f0d285bccb1f8965
├── [1.7K]  exploit.md
├── [1.0K]  LICENSE
├── [1.5K]  README.md
├── [ 46K]  SSH_Proxycommand1.png
├── [ 28K]  SSH_Proxycommand2.png
└── [9.2K]  SSH_ProxyCommand_Injection1.png

0 directories, 6 files

备注