Pastejacking (webpages modifies clipboard, alters consequences of paste)

Discussion in 'other security issues & news' started by TheWindBringeth, May 24, 2016.

  1. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    https://github.com/dxa4481/Pastejacking
    Demo: https://security.love/Pastejacking
    Discussion: https://news.ycombinator.com/item?id=11757973
     
  2. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    HAHAHAHAHAHA wth... right-clicking pasted properly, ctrl + c and v didn't... this is so messed up.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    Yes, threatpost.com is also using this trick. When you copy-paste content from their site they automatically add something like:
    So you have to be careful and remove that text before posting.
     
  4. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    867
    Then you can't be sure that if you copy a long text from a webpage that it is the same text after pasting it :confused:

    But if you disable scripts on threatpost.com, this trick can't be done anymore.
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    Yes, when inline scripts are disabled, this behavior breaks.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Never heard about this before, sounds weird to me, what is the purpose?
     
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    720
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Wouldn't copying the text to a notepad file get rid of the crud?
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    No it would paste it also in notepad. Modification of clipboard is conducted during copying text not pasting it...
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    But you could then manually remove the crud before pasting - correct?
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    Yes, off course. Or you can remove if after pasting. That's how I do it when posting links to threatpost articles.
     
  12. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    867
  13. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    That about:config entry doesn't help much, well... I mean it doesn't solve this issue. I think a clipboard addon needs to be included as well. The name of it defeats me at the moment and I haven't got it bookmarked either. Argh!
     
Loading...