This content originally appeared on CSS-Tricks and was authored by Chris Coyier
An interesting (scary) trick for a nearly undetectable exploit. Wolfgang Ettlinger:
What if a backdoor literally cannot be seen and thus evades detection even from thorough code reviews?
I’ll post the screenshot of the exploit from the post with the actual exploit circled:
If you were really looking super closely you’d probably see that, but I can see how it would be easy to miss, as it avoids any linting problems and doesn’t mess up syntax highlighting at all. Then, the way this code is written, the commands are executed:
Each element in the array, the hardcoded commands as well as the user-supplied parameter, is then passed to the exec function. This function executes OS commands.
They consider it worthy of change:
The Cambridge team proposes restricting Bidi Unicode characters. As we have shown, homoglyph attacks and invisible characters can pose a threat as well.
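A reviewer-side check for the characters discussed above, added here as an example (it is not code from the original post or from Ettlinger's write-up): it scans source text for bidi controls, zero-width characters and invisible letters and reports the line and column of each. The code-point list, the names `classify` and `scanSource`, and the sample input are assumptions made up for this example; homoglyph detection is out of scope.

```javascript
// Added example: report invisible and bidi-control characters in source text.
// The code-point list is an assumption for this example, not an exhaustive set.
function classify(cp) {
  if (cp === 0x061c || cp === 0x200e || cp === 0x200f ||
      (cp >= 0x202a && cp <= 0x202e) || (cp >= 0x2066 && cp <= 0x2069)) {
    return 'bidi-control';
  }
  // Letter-category characters that render blank, so they can pass as names.
  if (cp === 0x115f || cp === 0x1160 || cp === 0x3164 || cp === 0xffa0) {
    return 'invisible-letter';
  }
  if (cp === 0x00ad || (cp >= 0x200b && cp <= 0x200d) ||
      (cp >= 0x2060 && cp <= 0x2064) || cp === 0xfeff) {
    return 'zero-width';
  }
  return null;
}

function scanSource(text) {
  // A single U+FEFF at the very start of a file is a byte order mark, not a finding.
  if (text.charCodeAt(0) === 0xfeff) text = text.slice(1);
  const findings = [];
  text.split(/\r\n|\r|\n/).forEach((line, i) => {
    let column = 0;
    for (const ch of line) { // iterates by code point, not UTF-16 unit
      column += 1;
      const cp = ch.codePointAt(0);
      const kind = classify(cp);
      if (kind) {
        const codePoint = 'U+' + cp.toString(16).toUpperCase().padStart(4, '0');
        findings.push({ line: i + 1, column, codePoint, kind });
      }
    }
  });
  return findings;
}

// Constructed sample; escapes are used so the hidden characters are visible here.
const SAMPLE = [
  'const limits = { timeout: 5 };',
  'const { timeout,\u3164} = limits;',      // invisible letter used as a name
  '// access level: \u202Euser\u202C',      // bidi override inside a comment
  'const author = "Zo\u00EB";',             // ordinary non-ASCII, not flagged
].join('\n');

for (const f of scanSource(SAMPLE)) {
  console.log(`${f.line}:${f.column} ${f.codePoint} ${f.kind}`);
}
```

Run over changed files in CI or a pre-commit hook, a non-empty result is a reason to fail the build and look at the reported position in a hex-aware viewer.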
Chris Coyier | Sciencx (2021-12-08T16:00:01+00:00) The Invisible JavaScript Backdoor. Retrieved from https://www.scien.cx/2021/12/08/the-invisible-javascript-backdoor/