this post was submitted on 02 Jan 2024
3 points (100.0% liked)

Programmer Humor

top 5 comments
[–] SzethFriendOfNimi@lemmy.world 2 points 9 months ago (1 children)

Remember, always validate your inputs.

[–] draughtcyclist@programming.dev 1 points 9 months ago

Little Bobby Tables we call him.

[–] Wutchilli@feddit.de 0 points 9 months ago

Maybe the bot just wanted to date too

[–] MyFeetOwnMySoul@lemmy.ca 0 points 9 months ago (1 children)

How does this exploit work? I understand that inputs were not sanitized, but what did the injected code do?

[–] powerofm@lemmy.ca 1 points 9 months ago

My guess would be the response text is passed through a rudimentary templating engine that looks for { and }. Somehow it must be processing the whole chat history. The templater fails at the unexpected braces in the code block and then just gives up (probably a try-catch ignores the error and sends the message anyway).
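
An added illustration of the failure mode guessed at in the last comment; it is not code from the thread or from the bot in the post. It assumes a Python bot that builds replies with `str.format`, and the function names, template text and sample messages are all hypothetical.

```python
# Constructed sample chat history; the second message is a pasted code block.
HISTORY = ["hello", "def f(): return {'a': 1}"]

PREFIX = "Hi {name}, about your messages: "


def render_fragile(name, history):
    """Hypothesised bug: user text becomes part of the format string,
    and any formatting error is swallowed."""
    template = PREFIX + " | ".join(history)
    try:
        return template.format(name=name)
    except (KeyError, IndexError, ValueError):
        # The braces in the pasted code are parsed as placeholders and fail.
        # The error is ignored and the unrendered template is sent anyway.
        return template


def render_safe(name, history):
    """User text is only ever passed as a value, so its braces are never
    parsed as placeholders."""
    return (PREFIX + "{history}").format(name=name, history=" | ".join(history))


if __name__ == "__main__":
    print(render_fragile("Ann", HISTORY))  # raw template leaks to the user
    print(render_safe("Ann", HISTORY))     # rendered as intended
```
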