do you think www.aws.org runs on aws?
For those inter st in the finest writing of all time https://www-allure-com.cdn.ampproject.org/v/s/www.allure.com/story/best-sex-tip-by-zodiac-sign/amp?amp_gsa=1&_js_v=a6&usqp=mq331AQKKAFQArABIIACAw%3D%3D#amp_tf=From%20%251%24s&aoh=16392879347932&referrer=https%3A%2F%2Fwww.google.com&share=https%3A%2F%2Fwww.allure.com%2Fstory%2Fbest-sex-tip-by-zodiac-sign
Toggle navigation Application Security Blog Contact Published on 19-04-2016 by phil Installing software by piping from curl to bash is obviously a bad idea and a knowledgable user will most likely check the content first. So wouldn't it be great if a malicious payload would only render when piped to bash? A few people have tried this before by checking for the curl user agent which is by no means fail safe - the user may simply curl the url on the commandline revealing your malicious code. Luckily the behaviour of curl (and wget) changes subtely when piped into bash. This allows an attacker to present two different versions of their script depending on the context :) Its not that the HTTP requests from curl when piped to bash look any different than those piped to stdout, in fact for all intents and purposes they are identical: # curl -vv http://pluver.xqi.cc/setup.bash * Hostname was N...