Programmer Humor

31260 readers

744 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 4 years ago

MODERATORS

[email protected]

831

Oops, wrong person. (lemmy.world)

submitted 6 months ago by YoorWeb to c/[email protected]

33 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 42 points 6 months ago (2 children)

How does this exploit work? I understand that inputs were not sanitized, but what did the injected code do?

[–] [email protected] 67 points 6 months ago (1 children)

My guess would be the response text is passed through a rudimentary templating engine that looks for { and }. Somehow it must be processing the whole chat history. The templater fails at the unexpected braces in the code block and then just gives up (probably a try-catch ignores the error and sends the message anyway).

[–] mumblerfish 36 points 6 months ago

So the attack would just be a } then?

[–] kromem 46 points 6 months ago* (last edited 6 months ago)

I don't think the code is doing anything, it looks like it might be the brackets.

That effectively the spam script has like a greedy template matcher that is trying to template the user message with the brackets and either (a) chokes on an exception so that the rest is spit out with no templating processor, or (b) completes so that it doesn't apply templating to the other side of the conversation.

So { a :'b'} might work instead.