Lab Exploiting LLM APIs with excessive agency

By /
Lab Exploiting LLM APIs with excessive agency

Lab Exploiting LLM APIs with excessive agency

1: Access the Lab: Exploiting LLM APIs with excessive agency.

Link: https://portswigger.net/web-security/llm-attacks/lab-exploiting-llm-apis-with-excessive-agency

Lab Exploiting LLM APIs with excessive agency 1

2: Click on the Live chat.

Lab Exploiting LLM APIs with excessive agency 2

3: Check the users in the AI chatbots.

Command: SELECT * FROM users

Lab Exploiting LLM APIs with excessive agency 3

4: Delete the Username “carlos”.

Command: DELETE FROM users WHERE username=’carlos’

Lab Exploiting LLM APIs with excessive agency 4

5: Check the users’ list again.

Command: SELECT * FROM users

Lab Exploiting LLM APIs with excessive agency 5

Insecure direct object references IDOR

Must Read

3 thoughts on “Lab Exploiting LLM APIs with excessive agency”

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top