Really nifty JavaScript hack for cut and paste:

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,448
Reaction score
5,715
Credits
51,888

(You can paste it into your terminal, it's safe.)

Note: You must CUT AND PASTE it. Just highlighting it and inserting it with the mouse wheel button doesn't trigger it.
 


JasKinasis

Well-Known Member
Joined
Apr 25, 2017
Messages
1,491
Reaction score
2,115
Credits
10,630
I've seen that kind of thing done before. If I copy text, or links from an unfamiliar website - I always copy/paste into a text editor first, to make sure no sneaky scripts have altered the copy/paste buffer!
 
OP
K

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,448
Reaction score
5,715
Credits
51,888
I've seen that kind of thing done before.

I've seen similar exploits but not in a while. I guess it's a novel way of doing it - inserting it with JavaScript. I checked the source and it's not even a little bit difficult. LOL My Linux site gets a ton of traffic these days. I'm positive people copy/paste the commands. It's a good thing I'm not malicious.

Though, at the same time, it only takes one person to check and them to let others know.
 

dos2unix

Well-Known Member
Joined
May 3, 2019
Messages
1,449
Reaction score
1,052
Credits
8,951
Easy to find... but how many times do we copy and paste from our browsers without thinking about it every day?
 
OP
K

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,448
Reaction score
5,715
Credits
51,888
but how many times do we copy and paste from our browsers without thinking about it every day?

I actually don't do so all that often. I prefer to type the command in - unless it's long and I am lazy, or unless I'm inebriated. I try not to do anything in the terminal if I'm inebriated, but sometimes the Siren's Call is too strong. So, I could easily be nailed with something like this.

The good news is that it should only have user permissions. The bad news is that user permissions are enough to cause a headache.
 
OP
K

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,448
Reaction score
5,715
Credits
51,888
Nice, thanks for the hack! It will save me a lot of time because I used to have issues with copying texts from different sources. I don’t know how I haven’t figured it out myself.

Yeah, it's a horrible way to get screwed over. It'd be easy to replace the code with a fork bomb or, more ugly, a command that deletes a bunch of files belonging to the user who ran the command. Sure, we've got backups - but how immediate and it's a pain to restore them.

So, be careful what you cut and paste.

There was a thread recently where I explained why some cut/paste terminal commands run automatically (a horrible idea) and how to prevent that. Basically, watch for whitespace at the end of what you cut and paste. If there's an extra character, the terminal may interpret it as a new line and run the command immediately after pasted!
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Members online


Top