zlacker
[return to "Detecting the use of "curl | bash" server-side"]
◧
1. Sir_Cm+E1
[view]
[source]
2018-07-29 02:14:37
>>rubyn0+(OP)
Why not start with checking the user agent?
◧◩
2. AgentM+X1
[view]
[source]
2018-07-29 02:20:54
>>Sir_Cm+E1
The idea is to distinguish between "curl
http://x"
and "curl
http://x
| bash", in order to only give malicious content when the user pipes it straight to bash (presumably they aren't looking at the content in this case).
[go to top]