On 01/19/2017 12:46 PM, Marc Weber wrote:
>> The trigger in this is a commonly used "ctrl+shift+v". I have asked
>> around a few vim users about how they copy a text from a website into a
>> file opened by vim. It looks like that everyone is doing that way.
> Yeah - worse - it's the recommended way because "shell code on websites"
> could have <span hidden>...</span> code. Thus pasting into an editor
> before running usually is the way to go. If that action is exploitable
> it should be fixed in some way - and the :r!cat way is worth testing as
> well to be sure.
>
> Marc Weber
>
I have tested two ways now:

1. Copy to clipboard from browser.
2. Open Vim
3. :r! cat
4. Paste and wait.
5. Payload gets executed, but in this case it's a bit harder to hide the
   fact of the exploitation. In the previous case I wrote the user at best
   sees only that the screen blinks.

1. Copy to clipboard from browser.
2. Create a new file with another text editor and save the clipboard content.
3. Open Vim
4. :r! cat file_created.txt
5. Does not get executed.

sıx
