Remember, always validate your inputs.
this post was submitted on 02 Jan 2024
3 points (100.0% liked)
Programmer Humor
32316 readers
195 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
Little Bobby Tables we call him.
Maybe the bot just wanted to date too
How does this exploit work? I understand that inputs were not sanitized, but what did the injected code do?
My guess would be the response text is passed through a rudimentary templating engine that looks for {
and }
. Somehow it must be processing the whole chat history. The templater fails at the unexpected braces in the code block and then just gives up (probably a try-catch ignores the error and sends the message anyway).