Re: with firefox on X11, any page can pastejack you anytime

Open Source Security 

Posted by David Leadbeater on Oct 20

[…]

I haven’t tested all terminal and shell combinations, but the
implementations of bracketed paste mode vary in their correctness;
some do not filter all non-whitespace control characters, so for
example you can add ^C into the exploit HTML:

writeXPrimary('\u0003;touch ~/LOL-' + Date.now() / 1000 + '\r')

Then you get a command being run with no interaction; this appears to
work with xterm (384) + fish for example….
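
The filtering that the post says some bracketed paste implementations get wrong, sketched as an added example (not code from the post, xterm or fish). The function names and the sample strings are hypothetical and constructed for illustration.

```javascript
// Added illustration of a terminal-side paste filter. All names are hypothetical.
const PASTE_START = '\x1b[200~'; // bracketed paste begin marker
const PASTE_END = '\x1b[201~';   // bracketed paste end marker

// C0 controls except TAB, LF and CR, plus DEL and the C1 range.
// This covers ^C (U+0003), ESC (U+001B) and the 8-bit CSI (U+009B).
const UNSAFE = /[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f-\u009f]/g;

// List the control characters found in a paste, e.g. for a log line or a warning.
function findControls(text) {
  return (text.match(UNSAFE) || []).map(
    (c) => 'U+' + c.charCodeAt(0).toString(16).toUpperCase().padStart(4, '0'));
}

// Remove the unsafe controls so pasted data cannot carry ^C to the application
// and cannot contain its own ESC [ 201 ~ end marker.
function sanitizePaste(text) {
  return text.replace(UNSAFE, '');
}

// What the terminal hands to the application when bracketed paste is enabled.
function wrapBracketedPaste(text) {
  return PASTE_START + sanitizePaste(text) + PASTE_END;
}

// Constructed sample clipboard contents, not captured data.
const samples = [
  'ls -l\tdocs\n',                       // ordinary text, whitespace kept
  '\u0003;echo constructed-sample\r',    // leading ^C, same shape as in the post
  'echo a\x1b[201~echo b\n',             // embedded end-of-paste marker
];
for (const s of samples) {
  console.log(findControls(s), JSON.stringify(wrapBracketedPaste(s)));
}
```

With ESC removed, an end marker embedded in the pasted data arrives as the literal text [201~ inside the bracket instead of closing it.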