> Yes, if you overwrite binaries executed by ghidra, you can trigger code execution.
> but it's probably worth noting that "RMI" stands for Remote Method Invocation
This reminds me of someone submitting a (clearly vibecoded) vulnerability report claiming to have found a way to execute arbitrary SQL. The project in question? An SQL server... https://github.com/tursodatabase/turso/pull/4322
The Turso example is a little ironic because their homepage brands them as a product intended for use primarily by AI agents.
Actually, that is a valid vulnerability if it wasn't in test code, but the correct fix would be to enclose the table name in "" with escaping.
lol, that's great...the "vulnerability" isn't even in turso itself, it's a helper method inside a unit test.
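
The fix proposed in the comment above (enclosing the table name in double quotes, with escaping), as an added example that is not from the thread or from Turso's code. Python's built-in `sqlite3` stands in for an SQLite-compatible engine, and the helper names, tables and hostile input are constructed for illustration.

```python
import sqlite3


def quote_ident(name: str) -> str:
    """Quote an SQL identifier: wrap in double quotes, double any embedded ones."""
    # Rejecting empty names and NUL bytes is a conservative assumption of this example.
    if not name or "\x00" in name:
        raise ValueError("invalid identifier")
    return '"' + name.replace('"', '""') + '"'


def count_rows_unsafe(conn, table):
    # The pattern under discussion: the table name is pasted into the SQL text.
    return conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]


def count_rows_safe(conn, table):
    # Same helper, but the name can only ever be parsed as one identifier.
    return conn.execute(f"SELECT COUNT(*) FROM {quote_ident(table)}").fetchone()[0]


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t1 (id INTEGER)")
    conn.executemany("INSERT INTO t1 VALUES (?)", [(1,), (2,), (3,)])
    # A legitimate table whose name contains a double quote (constructed).
    conn.execute('CREATE TABLE "odd""name" (id INTEGER)')
    conn.execute('INSERT INTO "odd""name" VALUES (1)')

    hostile = "t1 WHERE id > 2"  # constructed input that smuggles in SQL syntax
    results = {"unsafe_hostile": count_rows_unsafe(conn, hostile)}
    try:
        count_rows_safe(conn, hostile)
        results["safe_hostile"] = "executed"
    except sqlite3.OperationalError:
        # Quoted, the whole string is one (nonexistent) table name.
        results["safe_hostile"] = "rejected"
    results["safe_plain"] = count_rows_safe(conn, "t1")
    results["safe_odd"] = count_rows_safe(conn, 'odd"name')
    return results


if __name__ == "__main__":
    print(demo())
```

Bound parameters (`?`) cannot stand in for table names, which is why identifier quoting is the tool here.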