Code Poets, HAIL! Need your gorgeous thoughts re using #JavaScript event listeners to flip content of an #HTML element for malicious exploits. Seems way too easy, with the copying and the pasting, oh my! Help reality check me, peas and carrots, thxu 🥕 😛bleepingcomputer.com/news/se…

Don't copy-paste commands from webpages — you can get hacked

Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal risk having their system compromised. Wizer's Gabriel Friedlander...

bleepingcomputer.com

Jan 4, 2022 · 3:46 PM UTC

3
3
3
Replying to @mholzschlag
there are valid uses for event listeners for copying/pasting, as well as for manually setting the value of the clipboard (which is what's happening here, it's not changing the content of the element). it's important to always check copy/pasted terminal contents before running -
2
1
Thanks Alex 😊. Especially for clarity on what is actually happening with the event listener in relation to the HTML and content. Very helpful.
Replying to @mholzschlag
Happy New Year, Molly! I think it’s not so much a problem of event listeners as it is with the Clipboard API. Reminds me of HTML email hacks that display a legit URL, but the href value is to something malicious. Email clients had to step in and detect mismatches in that case.
2
1
Thanks Karl! I appreciate the info on the clipboard API,,which I admittedly have not studied or used to any applied degree myself. Happy happy to you, cheers 🥂
1
more replies
This tweet is unavailable
Thanks Tina. The way the article read struck me as being illogical. It appears from you and others there's more than a few inaccuracies in the description of how an exploit can be passed via the clipboard API.