Submitted by jxself on Tue, 07/31/2018 - 06:03
Don't do curl | bash
Tue, 07/31/2018 - 06:03
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
"So wouldn't it be great if a malicious payload would only render when piped to bash? A few people have tried this before by checking for the curl user agent which is by no means fail safe - the user may simply curl the url on the commandline revealing your malicious code. Luckily the behaviour of curl (and wget) changes subtely when piped into bash. This allows an attacker to present two different versions of their script depending on the context..."
Moral of the story: Moral: Don't do curl | bash, even if you've curled (or wget it) and read it first. Run the copy you downloaded and reviewed.
