in reply to Running pscp from cgi-script in Windows

You know you might be vulnerable to a cross-site scripting attack. That's what -T is warning you about. What would happen if someone were to figure out how to pass "junk | del *.*" as that store parameter? Or, even worse, something like "whatever | putty.exe ...". Be sure you are running this on a server that is isolated from the Internet.

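An added example, not code from the thread or from the original poster's script: one way to validate the `store` parameter against an allow-list before it reaches pscp, so that taint mode (`-T`) accepts the value and strings like the one quoted above are refused. The pscp path, remote user, host and directories are assumptions.

```perl
use strict;
use warnings;

# Added example, not the original poster's script. Run it the way the CGI
# would run, with taint checks on:  perl -T example.pl
# Assumed values: pscp install path, remote user@host:dir, local directory.
my $PSCP      = 'C:/Program Files/PuTTY/pscp.exe';
my $REMOTE    = 'loader@linuxbox:/srv/loads';
my $LOCAL_DIR = 'C:/loads';

# Allow-list: a plain file name of letters, digits, '_', '-' and '.', at most
# 64 characters, never starting with '.' or '-'. Under -T the regex capture
# is what untaints the value.
sub untaint_store {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return undef;    # anything else is rejected, never "cleaned up"
}

# Each element is one argument; nothing is joined into a command string.
sub pscp_args {
    my ($store) = @_;
    return ($PSCP, '-batch', "$REMOTE/$store", "$LOCAL_DIR/$store");
}

sub fetch_load_file {
    my ($raw) = @_;
    my $store = untaint_store($raw);
    return 'rejected' unless defined $store;
    local $ENV{PATH} = 'C:/Windows/System32';    # -T refuses a tainted PATH
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};    # also checked by taint mode
    my @args = pscp_args($store);
    my $rc   = system { $args[0] } @args;        # list form of system
    return $rc == 0 ? "copied $store" : "pscp failed ($rc)";
}

# Constructed inputs; the second is the string quoted in the post above.
# Only the validation is exercised here, pscp is not started.
for my $raw ('build_1042.load', 'junk | del *.*', '..\\..\\boot.ini', '-pw', '') {
    my $ok = untaint_store($raw);
    printf "%-20s => %s\n", "'$raw'",
        defined $ok ? "accepted as $ok" : 'rejected';
}
```

Only the first constructed input is accepted. The allow-list is the primary control; the list form of `system` is a second layer, since it keeps the parameter as a single argument instead of part of an interpolated command line.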

Re^2: Running pscp from cgi-script in Windows
by redrafiki (Initiate) on Oct 27, 2010 at 14:24 UTC
    Thanks for your reply guys. The reason we are choosing pscp is because our server is isolated from the Internet. The purpose of the script is to get "load" files used to load virtual test boxes. Only me and another administrator are gonna have access to the page in the server to request these load files from the Linux boxes (also isolated from the Internet). In another Windows server, we installed FileZilla to ftp files using a shell script running in the Linux boxes, and then Cygwin to do it using ssh. This solution is not possible since we can't install anything in this server; that is why we decided to go for the cgi script approach. Thanks.