1 pages tagged with "security"
Owning "curl | sh" for Fun and Profit
June 14, 2015 - 543 words - 3 mins
If you're a web developer, you've probably seen sites asking you to install their software package like so:
curl -s http://example.com/install.sh | sh
There are a number of subtle problems with piping a HTTP response into the shell (for example, if your connection is
interrupted part-way through t…
read more