CVE-2023-51385

This repository demonstrates an RCE vulnerability in SSH configurations where `ProxyCommand` tokens like `%h` and `%p` are improperly sanitized, allowing command injection via crafted SSH URLs. The PoC exploits this to execute arbitrary commands (e.g., launching Calculator on macOS).

This repository demonstrates a command injection vulnerability in OpenSSH via ProxyCommand configuration, exploiting CVE-2023-51385. The PoC uses a maliciously crafted .gitmodules file to execute arbitrary commands when git clone is run with --recurse-submodules.

The repository lacks actual exploit code and instead directs users to clone another repository, which is a common tactic for suspicious or malicious repos. No technical details about the vulnerability are provided.

The repository contains only a minimal README with no exploit code, technical details, or functional PoC. It is a placeholder with no substantive content.

This repository demonstrates a command injection vulnerability in Git's handling of `.gitmodules` files when using SSH with a ProxyCommand. The exploit leverages backticks in the SSH URL to execute arbitrary commands during a `git clone` operation.

The repository contains only a minimal README with no exploit code or technical details. It is a placeholder with no functional content.

The repository contains only a minimal README with no exploit code or technical details. It appears to be a placeholder or stub with no functional content.

The repository contains only a README.md file with the CVE identifier and no additional technical details or exploit code. It is a placeholder with minimal content.

The repository contains only a minimal README with no exploit code, technical details, or functional content. It appears to be a placeholder or incomplete submission.

This repository demonstrates a command injection vulnerability in Git's handling of `.gitmodules` files when using SSH with a ProxyCommand. The exploit leverages a crafted URL in the `.gitmodules` file to execute arbitrary commands during a `git clone` operation.

The repository contains a minimal README and a trivial shell script that creates a file. There is no functional exploit code or technical details about CVE-2023-51385.

This repository demonstrates a command injection vulnerability in OpenSSH via the ProxyCommand configuration in ~/.ssh/config, exploiting CVE-2023-51385. The PoC uses a crafted .gitmodules file to execute arbitrary commands when git clone is run with --recurse-submodules.

This repository contains a functional Proof of Concept (PoC) for CVE-2023-51385, an OpenSSH ProxyCommand command injection vulnerability affecting versions prior to 9.6. The PoC demonstrates remote code execution (RCE) by exploiting a malicious SSH configuration that triggers command execution when a user clones the repository.

The repository contains only a minimal README with no exploit code or technical details. It is a placeholder with no functional content.

This repository contains a functional proof-of-concept for CVE-2023-51385, demonstrating command injection via OpenSSH's ProxyCommand option. The exploit leverages improper sanitization of the ProxyCommand value to achieve arbitrary command execution.

The repository contains only a minimal README with no exploit code or technical details. It appears to be a placeholder or stub with no functional content.