[konsole] [Bug 392554] security: escaping from bracketed paste seems to be possible

[Tomas Pospisek]

https://bugs.kde.org/show_bug.cgi?id=392554

--- Comment #2 from Tomas Pospisek <tpo_deb at sourcepole.ch> ---
> I can't access the first article

I was assuming wrongly, I am very sorry - here are the relevant parts from the
article:

"Unfortunately, Horn's test page
[http://thejh.net/misc/website-terminal-copy-paste] also shows how to bypass
this protection, by including the end-of-pasted-text sequence in the pasted
text itself, thus ending the bracketed mode prematurely. [...] in my tests,
Konsole fails to properly escape the second test, even with .inputrc properly
configured ['set enable-bracketed-paste on' in ~/.inputrc]" (Antoine Beaupré)

And:

"In bash, ^O causes code execution. [Such as:]

 <html>$ echo Hello <span style="position: absolute; left: -100px; top:
-100px">| cowsay pwned</span> world</html>

Do you have bracket paste enabled in inputrc? My exploit doesn't defeat it,
although it could. It's a matter of adding [201~ before ." (Jakub
Wilk)

-- 
You are receiving this mail because:
You are the assignee for the bug.