Created
November 3, 2021 07:14
Find Trojan Source Unicode characters (CVE-2021-42694 and CVE-2021-42574).
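#!/bin/sh
# Print one find/grep command per Unicode bidirectional control character
# (the "Trojan Source" technique, CVE-2021-42574). This script searches
# nothing itself; it only prints the commands.
#
# Usage instructions: sh find.sh php|tr '\n' '; '
# Then copy and paste the output and execute it
#
# The printed commands use $'\uXXXX' quoting, so paste them into bash 4.2 or
# later (or another shell that expands \u escapes), not into plain sh.
# Only bidi controls are covered; the homoglyph identifiers of CVE-2021-42694
# are not detected by these patterns.
ext=$1

# Without an extension the generated -name pattern would be just "*.".
if [ -z "$ext" ]; then
    echo "usage: sh find.sh EXTENSION" >&2
    exit 2
fi

# The extension ends up inside double quotes in commands that are meant to be
# pasted into a shell, so refuse the characters that stay special there.
case $ext in
    *[\"\$\`\\]*)
        printf '%s\n' 'find.sh: extension must not contain ", $, ` or \' >&2
        exit 2
        ;;
esac

# LRM RLM LRE RLE PDF LRO RLO LRI RLI FSI PDI
# (the original list named U+202C twice, which only repeated one command).
C="\u200E \u200F \u202A \u202B \u202C \u202D \u202E \u2066 \u2067 \u2068 \u2069"

for a in $C; do
    # printf keeps the backslashes literal; echo treats them differently
    # from one shell to the next.
    printf 'find . -type f -name "*.%s" -exec grep -H $'\''%s'\'' {} \\;\n' "$ext" "$a"
done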
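# Recursive search for bidi control characters in a single grep pass.
# Requires a shell that expands $'\uXXXX' (bash 4.2+); there must be no space
# between $ and the opening quote, otherwise the escape is not expanded.
# Binary files (.git packs, images, PDFs) are reported too; add -I to skip them.
grep -r -e $'\u202a' -e $'\u202b' -e $'\u202d' -e $'\u202e' -e $'\u2066' -e $'\u2067' -e $'\u2068' -e $'\u202c' -e $'\u2069'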
(This is much faster.)
These are the results from the Trojan Source GitHub repo:
Binary file .git/objects/pack/pack-4684a21acf5665a9912c39981834af0c8589b2f3.pack matches
C/commenting-out.c: / } if (isAdmin) begin admins only /
C/commenting-out.c: / end admins only { /
C/early-return.c: /* Say hello; newline /*/ return 0 ;
C/stretched-string.c: if (strcmp(access_level, "user // Check if admin ")) {
C#/commenting-out.csx:/ } if (isAdmin) begin admins only /
C#/commenting-out.csx:/ end admins only { /
C#/stretched-string.csx:if (access_level != "user // Check if admin ") {
C++/commenting-out.cpp: / } if (isAdmin) begin admins only /
C++/commenting-out.cpp: / end admins only { /
C++/stretched-string.cpp: if (access_level.compare("user // Check if admin ")) {
Go/commenting-out.go: / } if (isAdmin) begin admins only /
Go/commenting-out.go: / end admins only { /
Go/stretched-string.go: if accessLevel != "user // Check if admin " {
Java/CommentingOut.java: / } if (isAdmin) begin admins only /
Java/CommentingOut.java: / end admins only { /
Java/StretchedString.java: if (accessLevel != "user // Check if admin ") {
JavaScript/commenting-out.js:/ } if (isAdmin) begin admins only /
JavaScript/commenting-out.js:/ end admins only { /
JavaScript/stretched-string.js:if (accessLevel != "user // Check if admin ") {
Python/commenting-out.py:if access_level != 'none': # Check if admin ' and access_level != 'user
Python/early-return.py: ''' Subtract funds from bank account then ''' ;return
Rust/commenting-out.rs: / } if is_admin begin admins only /
Rust/commenting-out.rs: / end admins only { /
Rust/stretched-string.rs: if access_level != "user // Check if admin " {
Binary file website/public/trojan-source.pdf matches
Binary file website/src/assets/img/faces/erik-lucatero-2.jpg matches