• info
• discussion
• exploit
• solution
• references

WinSCP URI Handler Remote Arbitrary File Access Vulnerability

An attacker can exploit this issue by creating a malicious URI consisting if 'scp://' or 'sftp://' URI handlers.

The following proof-of-concept URIs are available:

• /data/vulnerabilities/exploits/WinSCP-0912-afa.txt