Monday, November 16, 2015

bash cut & paste command injection

Its not a good idea to copy direct a BASH command from HTML pages into BASH without checking whats behind.

Example:

Copy "ls -al" from webpage and paste it into browser.




















Inside Clipboard can be various shell commands which gets executed pasteing them (In this example first line of /etc/passwd is shown)



The code behind the HTML page looks like: