Imagine they have an internal tool to check if the hash exists in their database, something like
"SELECT user FROM downloads WHERE hash = '" + hash + "';"
You set the pdf hash to be 1'; DROP TABLE books;-- they scan it, and it effectively deletes their entire business lmfaoo.
Another idea might be to duplicate the PDF many times and insert bogus metadata for each. Then submit requests saying that you found an illegal distribution of the PDF. If their process isn’t automated it would waste a lot of time on their part to find the culprit Lol
I think it’s more interesting to think of how to weaponize their own hash rather than deleting it
i’m tricking the nintendo switch into thinking my computer is a bluetooth pro controller. I’m using a crate called bluer which exposes bindings to the BlueZ stack and it’s been great to use.
I got to the point where it pairs the controller and hits B to exit. However it doesnt seem to accept any more button presses after that… :) So I have some ways to go.
I’ve also needed a project where I can challenge myself with the basics of async without it being overwhelming, and I think this hits the sweet spot. It’s my first time using tokio spawn, join, and select in a real project!