Wiki Edit: Don't copy+paste commands
- Vous devez vous identifier ou créer un compte pour écrire des commentaires
Hey everyone,
I made a small edit in our wiki, but I also thought it would be worth sharing here.
Copy+paste commands from a website can be exploited even if you have JS disabled. Please have a look at wiki page
https://trisquel.info/en/wiki/never-simply-copy-and-paste-commands
If I did something wrong editing please let me know. Thanks and stay safe!
That first link points to a second link:
https://briantracy.xyz/writing/copy-paste-shell.html
wherein "control-U" reveals the malicious code.
For the second example, simply highlight the text and right click;
in my Abrowser, there's a duckduckgo menu item presented which links
their search for the hidden code in the highlighted text:
https://duckduckgo.com/?q=echo+%3B+rm+-rf+%2F+%3B+echo+%22looks+safe+to+me!%22&ia=web
Word about this risk is getting around!
That WYSINWYC link is a dead link.
wow, the CSS exploit is so simple and yet fail-proof. Never thought of it myself, before seeing the article and the explanation...
The javascript exploit did not work on me in abrowser, I disabled libreJS and it still did not work after reloading the site multiple times.
But the CSS one is a really evil way of using stylesheets against the user... In a way it is hilarious.
Yes, there was a dead link on the already existing page. I didn't know if it would be OK for me to delete someone else's content, so I just added my own.
Yes, the CSS exploit is amazingly... amazing I guess lol.
- Vous devez vous identifier ou créer un compte pour écrire des commentaires