webPromedium

Lab 105 — WriteFlow — Indirect Prompt Injection via Document Analysis

hackadvisor

Task: AI-powered content management platform (WriteFlow) with a document analyzer whose fetch_reference tool makes server-side HTTP requests triggered by specific phrases in document content. Solution: craft document text with the trigger phrase pointing to localhost, port-scan to discover internal config service on port 3001, and exfiltrate secrets from /internal/config containing the flag.

$ ls tags/ techniques/

ssrf nodejs indirect_prompt_injection document_analysis llm ai_security prompt_injection decoy_flag internal_service_discovery port_scanning

internal_service_enumerationssrf_via_ai_toolinternal_port_scanningindirect_prompt_injection_via_document_contenttrigger_phrase_exploitation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 104 — CloudOps Copilot — AI SSRF via Infrastructure Tool Abuse— hackadvisor
[web][Pro]Lab 205 — DockForge — SSRF in Webhook Test Endpoint— hackadvisor
[web][Pro]Lab 156 — IntegraFlow — Path Traversal via Double URL Encoding— hackadvisor
[web][Pro]Lab 37 — WriteFlow — NoSQL Injection via Nested $where in Mongoose Populate— hackadvisor
[web][Pro]Lab 102 — HireScreen — Indirect Prompt Injection via Resume Description— hackadvisor