|
|
|
|
|
|
by saba2008
1582 days ago
|
|
|
You can exploit it do distinguish whenever script is `curl | bash`'ed. Add `sleep 1`, and detect pause on server. Then, if pause detected - serve attack payload. If not - somebody is careful enough to download and audit, so serve just the script. |
|
|
Discussed on HN:
2020: https://news.ycombinator.com/item?id=25356757 (133 comments)
2018: https://news.ycombinator.com/item?id=17636032 (146 comments)
2016: https://news.ycombinator.com/item?id=11532599 (122 comments)