[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [konsole] [Bug 392554] security: escaping from bracketed paste seems to be possible
From:       Tomas Pospisek <bugzilla_noreply () kde ! org>
Date:       2018-03-31 22:00:26
Message-ID: bug-392554-17878-wor9c72GfW () http ! bugs ! kde ! org/
[Download RAW message or body]

https://bugs.kde.org/show_bug.cgi?id=392554

--- Comment #2 from Tomas Pospisek <tpo_deb@sourcepole.ch> ---
> I can't access the first article

I was assuming wrongly, I am very sorry - here are the relevant parts from the
article:

"Unfortunately, Horn's test page
[http://thejh.net/misc/website-terminal-copy-paste] also shows how to bypass
this protection, by including the end-of-pasted-text sequence in the pasted
text itself, thus ending the bracketed mode prematurely. [...] in my tests,
Konsole fails to properly escape the second test, even with .inputrc properly
configured ['set enable-bracketed-paste on' in ~/.inputrc]" (Antoine Beaupré)

And:

"In bash, ^O causes code execution. [Such as:]

 <html>$ echo Hello <span style="position: absolute; left: -100px; top:
-100px">| cowsay pwned&#15;</span> world</html>

Do you have bracket paste enabled in inputrc? My exploit doesn't defeat it,
although it could. It's a matter of adding &#27;[201~ before &#15;." (Jakub
Wilk)

-- 
You are receiving this mail because:
You are watching all bug changes.=
[prev in list] [next in list] [prev in thread] [next in thread]