BatBadBut: You can't securely execute commands on Windows
Introduction
Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc. Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when the specific conditions were satisfied. Today, affected vendors...
`CreateProcess` spawns `cmd.exe` even when that isn't asked? I find that... a little insane.
Anti Commercial AI thingy
8 2 Reply
Seems like an ancient hack to allow bat files to be run via that function.
I expect Windows is full of stuff like that.
3 0 Reply
Yeah, backwards compatibility is good when it isn't a security issue.
Anti Commercial AI thingy
Inserted with a keystroke running this script on linux with X11
```bash
#!/usr/bin/env nix-shell
#!nix-shell -i bash --packages xautomation xclip
sleep 0.2
(echo '::: spoiler Anti Commercial AI thingy
[CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/)
Inserted with a keystroke running this script on linux with X11
```bash'
cat "$0"
echo '```
:::') | xclip -selection clipboard
xte "keydown Control_L" "key V" "keyup Control_L"
```
4 2 Reply
I can barely live with that licence thingy, but don't paste that tutorial into your comment ffs.
2 0 Reply
I've gotten the question often enough about why and how. You don't have to open it 🤷
1 3 Reply
Seems like my client doesn't show it as a drop-down. I thought it was like the Reddit spoiler that were the same size but blacked out. Sorry.
2 0 Reply
Bad client! Bad! *wags finger*
2 1 Reply