Yesterday I saw something on Reddit that shocked me.
We all do it almost every day — we look for something on the internet, find a website, copy terminal commands, and other things directly from the site.
Then we paste them directly into the terminal to install things, write code or make configurations.
This can cause us to paste commands into our terminal that we never intended to run.
An even bigger problem is that, depending on the command we paste, we don't even have to confirm the execution by pressing Enter.
If the command contains a newline (\n), it will be executed immediately when we paste it into the terminal.
Here you can see an example:
[Image. Source: the author]
As you can see, I just paste the copied code, and it will be executed immediately.
If you already have root privileges in the session at this point, almost anything is possible. A single command that you don’t expect can destroy important files or install software and execute it immediately.
I have tried it on a Windows PC & MacBook — in Firefox, Safari, Chrome & Opera. It works everywhere — no matter if you click on copy in the context menu or use the key combination.
Combining both provides the exploit.
With document.getElementById, we select the element for which we want to intercept and manipulate the copy event. First, we add an event listener for the copy event.
Then we call a function to save text to the clipboard.
The browser's own copying of the selected text is now suppressed.
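A check for the receiving side of the copy-event trick described above, added here as an example and not taken from the original article: it audits text before it reaches a shell and reports line breaks, control characters, invisible characters, and any difference from what was selected. The name auditPaste, its return fields and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: audit text before it is handed to a shell.
// auditPaste and its return fields are hypothetical names.

// "\r\n", "\r" or "\n": a terminal treats each as Enter and runs the line.
const LINE_BREAK = /\r\n?|\n/g;
// Other control characters (tab excluded), e.g. ESC or backspace, which can
// change what the terminal displays.
const CONTROL = /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g;
// Zero-width and bidi formatting characters that are invisible on a web page.
const INVISIBLE = /[\u200b-\u200f\u202a-\u202e\u2060\ufeff]/g;

const count = (text, re) => (text.match(re) || []).length;

// text: what is in the clipboard; expected (optional): what the user selected.
function auditPaste(text, expected) {
  const findings = [];
  const breaks = count(text, LINE_BREAK);
  if (breaks > 0) findings.push(`${breaks} line break(s): executes without Enter`);
  const controls = count(text, CONTROL);
  if (controls > 0) findings.push(`${controls} control character(s)`);
  const hidden = count(text, INVISIBLE);
  if (hidden > 0) findings.push(`${hidden} invisible character(s)`);
  if (expected !== undefined && text !== expected) {
    findings.push('clipboard differs from the selected text');
  }
  // Form that is safe to paste for review: line breaks become a visible
  // marker, control and invisible characters are dropped.
  const sanitized = text
    .replace(LINE_BREAK, '\u2424')
    .replace(CONTROL, '')
    .replace(INVISIBLE, '');
  return { ok: findings.length === 0, findings, sanitized };
}

// Constructed sample: the page showed "ls -la", the copy handler stored this.
const report = auditPaste('echo constructed-replacement\n', 'ls -la');
console.log(report.ok, report.findings, report.sanitized);
```

Pasting the sanitized form leaves the whole text on one prompt line, so nothing runs until Enter is pressed deliberately.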