Subscribe via feed.

OpenSSH On Cygwin SFTP Client Directory Traversal

Posted by deepcore on March 23, 2017 – 1:41 am

Portable OpenSSH supports running on Cygwin. However, the SFTP client only filters out forward slashes (in do_lsreaddir()) and the directory names “.” and “..” (in download_dir_internal()). On Windows, including in Cygwin, backslashes can a lso be used for directory traversal.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.


« »