Lmaoo the webpage has a prompt injection
this post was submitted on 04 Jan 2025
53 points (98.2% liked)
Programmer Humor
32866 readers
1100 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
I'm sorry. I didn't read the whole page. Just the part about video-over-dns which was covered in the talk.
Are you talking about that weird logo and do you recommend I remove the link?
Oh, I see the part that says “Delist…”. I did see that. I guess I was used to hearing “prompt injection” with regards to the LLM web prompts versus something that crawlers would use that I was worried I'd made a mistake sharing.
Wait, can you go into more detail? I don't feel like reading the entire thing as it's not really my area of expertise
I just came back to comment that -- probably doesn't add security unless something like xargs which puts stdin on the command line itself is used.
I have gotten in the habit of mindlessly adding it I guess.
Checks I Should Have Done Before Posting
Sorry for the self-posting. I just wanted to share my post-hoc file checks since it was due-diligence I didn't think of until after I shared.
TLDR: I redirected into a file and inspected it at least enough to say I received an mkv container with an h264 video and opus audio.
Caveats
- I am not in any way knowledgeable about security.
- You can do weird things with some files. I have no idea if mkv, opus, or h264 have comments or chimeras. See talks by Corkami for more information.
- Quad9 uses a dynamic TXT record to let the user know if they have configured their DNS resolver correctly, so I imagine you could receive a different file than I did. I have included a SHA-512 checksum for convenience which only tells you anything if you trust me for some reason.
Details
I ran the command from my post in a world-readable directory with >mystery_video_file substituted for | mpv -- - and inspected the download with
sudo --user=nobody -- file -- mystery_video_file
which output
mystery_video_file: Matroska data
I ran
rename --last -- '' '.mkv' mystery_video_file # the '' is the empty string delimited with apostrophes
and then
sudo --user=nobody -- ffprobe -hide_banner -- mystery_video_file.mkv
which output
Input #0, matroska,webm, from 'mystery_video_file.mkv': Metadata: COMPATIBLE_BRANDS: isommp42 MAJOR_BRAND : mp42 MINOR_VERSION : 0 ENCODER : Lavf60.16.100 Duration: N/A, start: -0.007000, bitrate: N/A Stream #0:0: Video: h264 (High), yuv420p(tv, bt709, progressive), 256x144 [SAR 1:1 DAR 16:9], 25 fps, 25 tbr, 1k tbn (default) Metadata: HANDLER_NAME : ISO Media file produced by Google Inc. Created on: 05/29/2024. VENDOR_ID : [0][0][0][0] ENCODER : Lavc60.31.102 libx264 Stream #0:1(eng): Audio: opus, 48000 Hz, stereo, fltp (default) Metadata: HANDLER_NAME : ISO Media file produced by Google Inc. Created on: 05/29/2024. VENDOR_ID : [0][0][0][0] ENCODER : Lavc60.31.102 libopus
If you trust me and not the presenter for some inexplicable reason, the SHA-512 checksum for the video is “24345bd3ca8015c14a7d5d63d6b2a40f9d0f8c0307a65996226a496f121fa5ae934718cf58090f43ee67bc250b06804f23c73688cc871c15c1ba18d79b1a82a8”.