Wiki Edit: Don't copy+paste commands

4 replies [Last post]
GNUser
Offline
Joined: 07/17/2013

Hey everyone,

I made a small edit in our wiki, but I also thought it would be worth sharing here.
Copy+paste commands from a website can be exploited even if you have JS disabled. Please have a look at the wiki page

https://trisquel.info/en/wiki/never-simply-copy-and-paste-commands

If I did something wrong editing please let me know. Thanks and stay safe!

amenex
Offline
Joined: 01/03/2015

That first link points to a second link:
https://briantracy.xyz/writing/copy-paste-shell.html
wherein "control-U" reveals the malicious code.

For the second example, simply highlight the text and right click;
in my Abrowser, there's a duckduckgo menu item presented which links
their search for the hidden code in the highlighted text:
https://duckduckgo.com/?q=echo+%3B+rm+-rf+%2F+%3B+echo+%22looks+safe+to+me!%22&ia=web

Word about this risk is getting around!
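A way to automate the comparison described above, as an added example that is not part of the original post or the linked article: it checks clipboard text against what the reader believes was selected before anything reaches a shell. The function name `vet_paste`, the `VISIBLE` string and the trailing newline in `COPIED` are assumptions made for illustration; the rest of `COPIED` is the decoded query from the search URL above.

```python
import re
import unicodedata

# Shell metacharacters that chain or substitute commands.
CHAINING = re.compile(r";|&&|\|\||\||`|\$\(")


def vet_paste(clipboard, expected):
    """Return a list of reasons why `clipboard` should not be pasted into a shell.

    `expected` is the command the reader believes was selected on the page.
    An empty list means none of the checks fired.
    """
    findings = []
    if clipboard.strip() != expected.strip():
        findings.append("clipboard differs from the text that was visible")
    if "\n" in clipboard or "\r" in clipboard:
        findings.append("contains a line break: may run as soon as it is pasted")
    # Control (Cc) and format (Cf) characters are invisible in most terminals.
    hidden = [c for c in clipboard
              if c not in "\n\r\t" and unicodedata.category(c) in ("Cc", "Cf")]
    if hidden:
        names = sorted({f"U+{ord(c):04X}" for c in hidden})
        findings.append("contains control/format characters: " + ", ".join(names))
    extra = len(CHAINING.findall(clipboard)) - len(CHAINING.findall(expected))
    if extra > 0:
        findings.append(f"{extra} more command separator(s) than the visible text")
    return findings


# Constructed samples. VISIBLE is an assumed rendering of what the reader sees;
# COPIED is the decoded search query quoted above plus a constructed newline.
VISIBLE = 'echo "looks safe to me!"'
COPIED = 'echo ; rm -rf / ; echo "looks safe to me!"\n'

if __name__ == "__main__":
    for reason in vet_paste(COPIED, VISIBLE):
        print("WARNING:", reason)
```

Pasting into a text editor first gives the same comparison by eye; the function only makes the three checks explicit.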

loldier
Offline
Joined: 02/17/2016

That WYSINWYC link is a dead link.

Cyberhawk

I am a translator!

Offline
Joined: 07/27/2010

Wow, the CSS exploit is so simple and yet fail-proof. Never thought of it myself, before seeing the article and the explanation...

The JavaScript exploit did not work on me in Abrowser; I disabled LibreJS and it still did not work after reloading the site multiple times.

But the CSS one is a really evil way of using stylesheets against the user... In a way it is hilarious.

GNUser
Offline
Joined: 07/17/2013

Yes, there was a dead link on the already existing page. I didn't know if it would be OK for me to delete someone else's content, so I just added my own.

Yes, the CSS exploit is amazingly... amazing I guess lol.