this post was submitted on 02 Jan 2024
835 points (99.4% liked)

Programmer Humor

32495 readers
487 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] MyFeetOwnMySoul@lemmy.ca 44 points 10 months ago (3 children)

How does this exploit work? I understand that inputs were not sanitized, but what did the injected code do?

[–] powerofm@lemmy.ca 69 points 10 months ago (1 children)

My guess would be the response text is passed through a rudimentary templating engine that looks for { and }. Somehow it must be processing the whole chat history. The templater fails at the unexpected braces in the code block and then just gives up (probably a try-catch ignores the error and sends the message anyway).

[–] mumblerfish@lemmy.world 38 points 10 months ago

So the attack would just be a } then?

load more comments (1 replies)