LunarN0v4

Keybase proof

I hereby claim:

• I am lunarn0v4 on github.
• I am novadev (https://keybase.io/novadev) on keybase.
• I have a public key ASAL0sx-eey60gkQQuXlUsN58AAwpzVGA9LbFCUl86wJ3go

To claim this, I am signing this object:

LunarN0v4

After watching the latest Endermanch video and using my basic knowledge of hex, I've found a bug with the Recycle Bin on Windows 10 (amd64, 22H2).
I have found out partially why it seems to happen, but I'm mostly unsure, and therefore, the cause is merely a theory.
Here's how to do it:

1. Open a hex editor, hopefully you know how to get to the "secret" Recycle Bin files already after watching Endermanch's video
2. Open the "$I" file for your recycled file (not deleted) in your hex editor
3. Remove all the data from your "$I" file and replace it with the following (FILE SIZE CHANGES ARE INTENDED):
   02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 D8 61 13 5A C8 24 05 00 00 00 5E 00 5E 00 5E 00 3A 00 5C 00 00 00
4. Save the file
5. Open the Recycle Bin and refresh (CTRL+R), every time that you refresh, you'll see a new string for the name (yes, the date being set that way is part of the hex I provided)
6. Profit!

LunarN0v4

Text Injection is to inject text into a website and overwrite the original content.
Value Injection is to inject a custom value to edit what a website says, not the same as text injection but can be used for a similar purpose.
These are NOT vulnerabilities, but can be used to deceive people, it might be best to use JS to circumvent this issue.
Popular platforms are usually not affected by these issues.

Here's an example of how text injection can be done:
Let's take "example.com" and repurpose the link to take in text, let's say it's an error, so let's set the text input to "err", the page takes this value from the URL and puts it on the page, even if you reload, it'll show up the same way every time:
example.com/?err=

Cool, now let's add error text to it: