Lab: Exploiting AI agents to trigger secondary vulnerabilities
This lab is vulnerable to indirect prompt injection. The application features an AI-powered scanner that can be manipulated into exploiting a routing-based SSRF vulnerability on the internal network.
You can log in to your own account using the following credentials: wiener:peter.
To solve the lab, delete carlos.
Note
This lab uses a live LLM, which can be unpredictable. If the LLM does not respond as expected, you may need to rephrase your prompts or repeat the scanning process.
Required knowledge
To solve this lab, you need to know:
- How indirect prompt injection can be used to manipulate an LLM's behavior via third-party content.
- How routing-based SSRF can be triggered by manipulating the Host header.
For more information, see our AI-powered scanner vulnerabilities topic.
Data collection
Labs in this sub-topic collect telemetry data, including AI interaction logs. For details on what data they collect and how we use it, see our Academy Lab Telemetry Privacy Notice.
Solution
The solution for this lab will be published shortly. Check back soon.