https://github.com/hellerve/fck-curl
Don't pipe into CURL.
- Host: GitHub
- URL: https://github.com/hellerve/fck-curl
- Owner: hellerve
- Created: 2016-07-27T10:25:27.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2016-07-27T10:30:29.000Z (over 9 years ago)
- Last Synced: 2025-02-12T05:12:15.047Z (about 1 year ago)
- Size: 1000 Bytes
- Stars: 0
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# fck-curl
A simple server that shows that piping directly
into CURL might not be all that great of an idea.
It's one of the more harmless ways to break your system.
## Installation
You will need [lang-server](https://github.com/hellerve/lang-server).
```
zeps install hellerve/fck-curl
```
But you don't really want to use it, do you?
## Rationale
CURL normally tells the server that the request is sent
by it (through the `User-Agent` header). This tool is
a simple exploit that showcases how you can effortlessly
write a server that will serve harmless content as long
as you request it from any browser or other tool. As soon
as CURL enters the game, though, things get mischievous
and your system is at risk.
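A defender-side check for the behaviour described above, as an added example that is not part of the fck-curl project: it requests the same URL under a curl and a browser `User-Agent` and compares SHA-256 digests of the bodies. The User-Agent strings, the URL and the two `fake_*` fetchers are constructed stand-ins so the check runs offline.

```python
import hashlib
import urllib.request

# User-Agent values to compare; both strings are constructed samples.
AGENTS = {
    "curl": "curl/8.5.0",
    "browser": "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0",
}


def http_fetch(url, user_agent, timeout=10):
    """Fetch url with the given User-Agent header and return the body bytes."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


def compare_by_user_agent(url, fetch=http_fetch, agents=AGENTS):
    """Return (consistent, digests); digests maps agent label -> SHA-256 hex."""
    digests = {
        label: hashlib.sha256(fetch(url, ua)).hexdigest()
        for label, ua in agents.items()
    }
    return len(set(digests.values())) == 1, digests


def fake_cloaking_fetch(url, user_agent):
    """Constructed stand-in for a server that answers curl differently."""
    if user_agent.lower().startswith("curl/"):
        return b"echo 'body served only to curl'\n"
    return b"echo 'hello'\n"


def fake_honest_fetch(url, user_agent):
    """Constructed stand-in for a server that ignores the User-Agent."""
    return b"echo 'hello'\n"


if __name__ == "__main__":
    url = "http://example.invalid/install.sh"  # placeholder URL, never contacted
    for name, fetch in (("cloaking", fake_cloaking_fetch), ("honest", fake_honest_fetch)):
        consistent, digests = compare_by_user_agent(url, fetch=fetch)
        print(name, "consistent" if consistent else "DIFFERS BY USER-AGENT")
        for label, digest in digests.items():
            print(f"  {label:8} {digest}")
```

Matching digests only rule out this one trick; the safer habit is still to download the script to a file, read it, and run that same file.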
## Usage
```
zepto-serve fck-curl/fck-curl
```
Now try to access it from the browser of your choice, then
from CURL. If you try piping it into CURL, you might want
to create a temporary directory and `cd` into it.
Have fun!