Whoops, the mask slipped and we all saw the bot behind it.
I think there’s a second mask. Who sends oops wrong person in the same text message?
Mask slipped? The bot saw a person speak code and was like l, rips off mask Comrade!
Remember, always validate your inputs.
Little Bobby Tables we call him.
Such great Exploits of a Mom: https://xkcd.com/327/
They had to change the law in the uk around naming companies!
Thought that seemed really cute. Nice way to try to break through social anxiety.
Then I saw that it started as a wrong number message. Then I realised…
Damn scam bots!
This is the best thing ive seen this week!
How does this exploit work? I understand that inputs were not sanitized, but what did the injected code do?
My guess would be the response text is passed through a rudimentary templating engine that looks for
{
and}
. Somehow it must be processing the whole chat history. The templater fails at the unexpected braces in the code block and then just gives up (probably a try-catch ignores the error and sends the message anyway).