Home
Submitted by alguien on Mon, 04/14/2014 - 05:22

Revision of Never simply copy and paste commands from Sun, 06/27/2021 - 04:00

The revisions let you track differences between multiple versions of a post.

What you see is not what you copy

You should never simply copy and paste commands from your browser into the terminal. You can be tricked into running malicious code. Such code can be hidden in plain view with deceptive use of formatting. The best practice is to type what you see. This is even possible when you have Javascript disabled in your browser, because a CSS exploit also exists. [1]

Example of clipboard poisoning

Someone has already written an excellent demonstration of this type of attack. Read WYSINWYC. What you see is not what you copy by Charles Sánchez.

[1]. https://briantracy.xyz/writing/copy-paste-shell.html

Revisions

04/14/2014 - 05:22
alguien
alguien
09/04/2014 - 02:38
muhammed
muhammed
06/27/2021 - 04:00
GNUser
GNUser
12/22/2023 - 17:23
knife
knife