Never simply copy and paste commands

What you see is not what you copy

You should never simply copy and paste commands from your browser into the terminal. You can be tricked into running malicious code. Such code can be hidden in plain view with deceptive use of formatting. The best practice is to type what you see. This is even possible when you have Javascript disabled in your browser, because a CSS exploit also exists. [1]

Example of clipboard poisoning

Someone has already written an excellent demonstration of this type of attack. Read WYSINWYC. What you see is not what you copy by Charles Sánchez.

[1]. https://briantracy.xyz/writing/copy-paste-shell.html

Revisions

04/14/2014 - 05:22
alguien
09/04/2014 - 02:38
muhammed
06/27/2021 - 04:00
GNUser