this post was submitted on 02 Jan 2024
8 points (100.0% liked)

Programmer Humor


Post funny things about programming here! (Or just rant about your favourite programming language.)

top 13 comments
[–] [email protected] 0 points 9 months ago

This is the best thing I've seen this week!

[–] [email protected] 1 points 10 months ago

In the future, bots are going to get so annoyed with people pretending to be bots when they just want to talk to other bots!

[–] [email protected] 0 points 10 months ago (2 children)

How does this exploit work? I understand that inputs were not sanitized, but what did the injected code do?

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

I don't think the code is doing anything, it looks like it might be the brackets.

That effectively the spam script has like a greedy template matcher that is trying to template the user message with the brackets and either (a) chokes on an exception so that the rest is spit out with no templating processor, or (b) completes so that it doesn't apply templating to the other side of the conversation.

So { a :'b'} might work instead.

[–] [email protected] 1 points 10 months ago

My guess would be the response text is passed through a rudimentary templating engine that looks for { and }. Somehow it must be processing the whole chat history. The templater fails at the unexpected braces in the code block and then just gives up (probably a try-catch ignores the error and sends the message anyway).
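
The failure mode guessed at in the two replies above, as an added example (not code from the thread or from any real bot): a reply builder that concatenates untrusted chat text into its template and swallows the formatter error, next to a version that keeps the template fixed. The template text and function names are assumptions; the sample message `{ a :'b'}` is the one suggested in the comment above.

```python
# Hypothetical reply template; the real bot's template is unknown.
GREETING = "Hi {name}! Earlier you said: "


def render_fragile(history, name):
    """Assumed flaw: chat history is glued onto the template string,
    so the formatter also parses braces typed by the other party."""
    template = GREETING + " | ".join(history)
    try:
        return template.format(name=name), True
    except (KeyError, IndexError, ValueError):
        # Error swallowed: the raw, unrendered template is sent anyway.
        return template, False


def render_safe(history, name):
    """Fix: the template is a constant and untrusted text is passed only
    as a value. str.format does not re-scan substituted values."""
    template = "Hi {name}! Earlier you said: {history}"
    return template.format(name=name, history=" | ".join(history)), True


def demo():
    """Run both renderers over constructed sample messages."""
    samples = [
        ["hello there"],   # benign text
        ["{ a :'b'}"],     # braces from the thread: unknown field name
        ["{name}"],        # user text that collides with a real field
    ]
    rows = []
    for history in samples:
        rows.append((history[0],
                     render_fragile(history, "Sam"),
                     render_safe(history, "Sam")))
    return rows


if __name__ == "__main__":
    for message, fragile, safe in demo():
        print(f"{message!r}\n  fragile: {fragile}\n  safe:    {safe}")
```

In the fragile version the second sample leaves `{name}` unrendered in the outgoing message, and the third shows user text being interpreted as a template field; the safe version returns both messages as literal text.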

[–] [email protected] 2 points 10 months ago (1 children)

Remember, always validate your inputs.

[–] [email protected] 1 points 10 months ago (1 children)

Little Bobby Tables we call him.

[–] [email protected] 0 points 10 months ago (1 children)
[–] [email protected] 0 points 10 months ago

They had to change the law in the UK around naming companies!

[–] [email protected] 0 points 10 months ago

Thought that seemed really cute. Nice way to try to break through social anxiety.

Then I saw that it started as a wrong number message. Then I realised…

Damn scam bots!

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago)

This is awesome. We need more of this to help us fight the coming war.

[–] [email protected] 0 points 10 months ago (1 children)

Whoops, the mask slipped and we all saw the bot behind it.

[–] [email protected] 0 points 10 months ago

Mask slipped? The bot saw a person speak code and was like, rips off mask, Comrade!