Monday, November 16, 2015

bash cut & paste command injection

Its not a good idea to copy direct a BASH command from HTML pages into BASH without checking whats behind.


Copy "ls -al" from webpage and paste it into browser.

Inside Clipboard can be various shell commands which gets executed pasteing them (In this example first line of /etc/passwd is shown)

The code behind the HTML page looks like: