The stuff below isn’t new. In fact, the linked article points to a Reddit thread where someone outlines this exact problem. But I feel that it can’t hurt to reiterate. And explore!
So, for the obligatory warning: Don’t paste anything on this page into a PowerShell window. Don’t paste it into anything but a text editor. The examples below shouldn’t be harmful but… look, just don’t risk it, okay?
Malicious String – copy and paste the below example into a text editor (NOT a PowerShell window)
||copy c:\inetpub\www\config.php c:\inetpub\www\config.php.txt -whatif
||echo ‘hello world!’|
Let’s explore how we got here and what we can do about it.
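One way to apply the "text editor first" advice from inside PowerShell, as an added example that is not code from the original post: inspect the text as data before anything is pasted. `Test-PasteText` is a hypothetical helper name, the sample is constructed from the two-line string shown above, and the check assumes the unexpected part of a copied string arrives as extra lines or control characters.

```powershell
# Added example: inspect text as data before it is pasted into a console.
function Test-PasteText {
    [CmdletBinding()]
    param(
        # Text to inspect; defaults to the current clipboard contents.
        [string]$Text = (Get-Clipboard -Raw)
    )

    # Split on any line-break style. A line break in pasted text can submit
    # the preceding line as a command before you have read it.
    $lines = @($Text -split '\r?\n|\r')

    # Control characters other than tab, CR and LF have no place in a
    # command copied from a web page.
    $controlCount = [regex]::Matches($Text, '[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]').Count

    [pscustomobject]@{
        LineCount        = $lines.Count
        HasLineBreak     = $lines.Count -gt 1
        ControlCharCount = $controlCount
        # Bracket each line so leading or trailing whitespace is visible.
        Lines            = @($lines | ForEach-Object { "[$_]" })
    }
}

# Constructed sample: the two-line string from this page, held in a variable
# and never executed, so the check runs without touching the clipboard.
$sample = "copy c:\inetpub\www\config.php c:\inetpub\www\config.php.txt -whatif`necho 'hello world!'"

$report = Test-PasteText -Text $sample
$report | Format-List

if ($report.HasLineBreak -or $report.ControlCharCount -gt 0) {
    Write-Warning "Text holds $($report.LineCount) lines; review each one before pasting."
}
```

Called with no argument, the function reads the clipboard through `Get-Clipboard -Raw`, so it can be run right after copying and before pasting.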