zlacker
[return to "Detecting the use of "curl | bash" server-side"]
◧
1. jamesc+01
[view]
[source]
2018-07-29 02:00:44
>>rubyn0+(OP)
This is immune to the attack:
bash -c "$(curl -sSLf $URL)"
The key is to download first and then run
◧◩
2. arendt+Pg
[view]
[source]
2018-07-29 08:14:04
>>jamesc+01
Do you know if
. <(curl -sL $url)
works (sourcing from a Process Substitution)?
[go to top]