小编lad*_*025的帖子

如何使从网站到终端的复制命令安全?

今天我发现了一个有趣的例子website-terminal-copy-paste。例如,您可能需要克隆 git 存储库。在网页中它看起来像:

git clone git://git.kernel.org/pub/scm/utils/kup/kup.git 
Run Code Online (Sandbox Code Playgroud)

但是当你复制它终端时它变成:

git clone /dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e '!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust!
Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwd
git clone git://git.kernel.org/pub/scm/utils/kup/kup.git
Run Code Online (Sandbox Code Playgroud)

因为其余的都是隐藏的:

<p class="codeblock">
      <!-- Oh noes, you found it! -->
      git clone
      <span style="position: absolute; left: -100px; top: -100px">/dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e '!\nThat was a bad idea. Don'"'"'t copy …
Run Code Online (Sandbox Code Playgroud)

linux browser terminal bash

7
推荐指数
1
解决办法
646
查看次数

标签 统计

bash ×1

browser ×1

linux ×1

terminal ×1