Modern web users fear XSS in browsers, but did you know terminals can be vulnerable too? If you cat a log file with malicious escape sequences, your terminal might execute them. Clever attackers have used this trick to inject commands, log keystrokes, or alter display output without you typing a thing. It is a form of terminal injection that relies on how terminals interpret ANSI codes. Some older terminal emulators were especially susceptible, and even today, careless logging can open the door to unexpected command execution.

#TerminalHacks #XSS #EscapeSequences #LinuxSecurity #OldSchoolExploits

@fraggle
alias cat='cat -vET'
makes all non-printable characters visible
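
An added example, not part of the posts above: a small Python filter that applies the same idea as `cat -v` to log text before it reaches the terminal, and also reports which escape sequences were present. The names `find_sequences`, `make_visible` and the sample log lines are constructed for illustration; unlike the `-vET` alias, it leaves tabs and line ends unmarked.

```python
import re

# Escape-sequence shapes defined by ECMA-48 and used by xterm-style terminals.
PATTERNS = [
    ("CSI", re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")),                 # colours, cursor moves
    ("OSC", re.compile(r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?")),      # window title etc.
    ("DCS/APC/PM", re.compile(r"\x1b[P_^X][^\x1b]*(?:\x1b\\)?")),    # device control strings
]

def make_visible(text):
    """Render control characters in caret notation, keeping newline and tab."""
    out = []
    for ch in text:
        cp = ord(ch)
        if ch in "\n\t":
            out.append(ch)
        elif cp < 0x20:
            out.append("^" + chr(cp + 0x40))   # ESC (0x1b) becomes ^[
        elif cp == 0x7F:
            out.append("^?")
        elif 0x80 <= cp <= 0x9F:               # C1 controls, e.g. 8-bit CSI
            out.append("\\x%02x" % cp)
        else:
            out.append(ch)
    return "".join(out)

def find_sequences(text):
    """Return (kind, caret-escaped sequence) pairs in order of appearance."""
    hits = []
    for kind, rx in PATTERNS:
        for m in rx.finditer(text):
            hits.append((m.start(), kind, make_visible(m.group())))
    return [(kind, seq) for _, kind, seq in sorted(hits)]

# Constructed sample log: one clean line, one with colour codes,
# one with a window-title (OSC 0) sequence.
SAMPLE_LOG = (
    "GET /index.html 200\n"
    "GET /\x1b[31mred\x1b[0m 404\n"
    "user-agent: \x1b]0;new title\x07curl\n"
)

if __name__ == "__main__":
    for kind, seq in find_sequences(SAMPLE_LOG):
        print("found", kind, seq)
    print(make_visible(SAMPLE_LOG), end="")
```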
