Copy-Paste from Website to Terminal – always paste via an intermediate text editor
Posted by jpluimers on 2016/11/22
Everybody surely knows that more and more software tries to "smart"-replace straight double quotes
" with opening “ and closing ” ones.
WordPress is no exception: when you forget to embed these quotes in
pre tags, your source code won’t paste as such.
For terminal code (*nx or Windows console doesn’t matter much) it’s much worse: you should not copy/paste code directly to the terminal.
What’s on the clipboard might not be what you saw on the web site.
An elaborate example is at User iteraction based exploitation: WYSINWYC (What you see is not what you copy) but it comes down to:
- The clipboard gets all the text in a selection
- The browser hides some part of that text by cleverly using one or more
So basically copy/pasting to the console is just as risky as piping curl through bash or another shell. You can actually detect that server-side (and abuse it)!
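A check to run on clipboard text before it reaches a shell, added here as an example and not part of the original post: it flags the smart quotes and the extra, unseen lines described above, plus control and invisible format characters. The function names and sample strings are assumptions constructed for the illustration.

```python
import unicodedata

# Typographic quotes that editors such as WordPress substitute for ' and ".
SMART_QUOTES = "\u2018\u2019\u201c\u201d"


def audit_paste(text):
    """Return (line, column, kind) findings for text about to be pasted into a shell."""
    findings = []
    lines = text.split("\n")
    if len(lines) > 1:
        # A newline on the clipboard is an Enter keypress in the terminal.
        findings.append((0, 0, "multiline"))
    for line_no, line in enumerate(lines, 1):
        for col, ch in enumerate(line, 1):
            category = unicodedata.category(ch)
            if ch in SMART_QUOTES:
                findings.append((line_no, col, "smart-quote"))
            elif category == "Cc":
                findings.append((line_no, col, "control"))    # ESC, CR, tab, backspace
            elif category == "Cf":
                findings.append((line_no, col, "invisible"))  # zero-width, bidi marks
    return findings


def show(text):
    """Render text the way an editor with 'show invisibles' switched on would."""
    out = []
    for ch in text:
        if ch == "\n":
            out.append("\\n\n")
        elif ch in SMART_QUOTES or unicodedata.category(ch) in ("Cc", "Cf"):
            out.append(f"<U+{ord(ch):04X}>")
        else:
            out.append(ch)
    return "".join(out)


# Constructed samples (not taken from the page).
SEEN_ON_PAGE = 'echo "hello"'
SMART_QUOTED = "echo \u201chello\u201d"
HIDDEN_LINES = "echo hello\necho constructed-hidden-line\n"

if __name__ == "__main__":
    for sample in (SEEN_ON_PAGE, SMART_QUOTED, HIDDEN_LINES):
        print(show(sample))
        print("  findings:", audit_paste(sample) or "none")
```

An empty findings list means the text is a single line of plain characters; anything else is worth reading in the editor before it goes near a prompt.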