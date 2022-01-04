Programmers, sysadmins, networks, servers, and the like often research the available ways of doing different processes. Such processes are generally script-based or command-based. When finding them in any web, what is usually done is to copy and paste them in the terminal to test them. However, you should know that there are significant risks when copying and pasting commands from a website.

This has been proven by Gabriel Friedlander, founder of the cybersecurity training platform Wizer. If you are used to copying and pasting commands directly in the terminal, it is time to change the mechanism.

The risks of copying and pasting commands from the web

The demonstration carried out by Gabriel Friedlander on his blog, leaves us surprised by the risks present when doing something as simple as copy and paste commands. His approach lies in the possibility for site owners to change what you copied to the clipboard. In that sense, when pasting the command that you just copied, it is possible that something totally different from what you had in front of you will be presented.

To make it much more graphical, Friedlander made available a simple command on his blog for you to copy and paste. When pasting it, you will find that the inserted command line is a completely different one and that it seeks to exploit a vulnerability. Friedlander explains that this can be accomplished thanks to JavaScript, even allowing the new command to display the output of the one it just replaced.

In this way, it is difficult to detect the presence of the malicious command considering that it can even present us with a false exit. The way to realize what is happening is to notice that it is another command immediately when we paste it. Therefore, the best way to avoid the risks when copying and pasting commands from the web is not to do it and instead, type them manually.