Computer Hope

Other => Other => Topic started by: nil on October 31, 2018, 08:16:34 AM

Title: The works of Shakespeare, encoded in a JPEG posted to Twitter
Post by: nil on October 31, 2018, 08:16:34 AM: https://twitter.com/David3141593/status/1057042085029822464

Just tried this, and it works. On Linux, you can extract the encoded binary by downloading the image, and renaming it to for instance shakespeare.zip. Direct link to the image:

https://pbs.twimg.com/media/DqteCf6WsAAhqwV.jpg

then to extract the binary

Code: [Select]
unzip shakespeare.zip
It extracts to a multi-part rar archive. Then

Code: [Select]
unrar e shakespeare.part001.rar
To extract a single HTML file containing the works of Shakespeare.

This seems like a pretty significant loophole (Twitter allows arbitrary data to be encoded in a JPEG, and serves the JPEG without removing it.) .. it means Twitter is essentially a file sharing platform - you can share any binary zip file by encoding it in a JPEG and posting it to Twitter. I expect Twitter to be making changes to how they process JPEGs, pronto...

story on hacker news

https://news.ycombinator.com/item?id=18342042

SMF 2.0.19 | SMF © 2021, Simple Machines