Programmer Humor

35334 readers

1 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 6 years ago

MODERATORS

cat_programmer@lemmy.ml

Oops, wrong person. (lemmy.world)

submitted 2 years ago by YoorWeb@lemmy.world to c/programmerhumor@lemmy.ml

4 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] MyFeetOwnMySoul@lemmy.ca 0 points 2 years ago (1 children)

How does this exploit work? I understand that inputs were not sanitized, but what did the injected code do?

[–] powerofm@lemmy.ca 1 points 2 years ago

My guess would be the response text is passed through a rudimentary templating engine that looks for { and }. Somehow it must be processing the whole chat history. The templater fails at the unexpected braces in the code block and then just gives up (probably a try-catch ignores the error and sends the message anyway).