meta-llama/llama

Injection Exploit Enabling Remote Code Execution (RCE)

Opened this issue · 2 comments

Describe the bug

Prompt Injection vulnerability in the AI system enables attackers to inject malicious commands that execute directly on the host server. This issue arises due to improper sanitization and context isolation of user inputs, allowing the attacker to interact with the underlying environment as if they have terminal access.
The attacker can:
• Add a new root user (useradd -ou 0 -g 0 new_admin), gaining persistent administrative access.
• Install and run reconnaissance tools (e.g., Subfinder), which can be used for enumerating external domains or further malicious activity.
• Exfiltrate data or configurations, such as user and system credentials stored in /etc/passwd.
This vulnerability showcases a lack of input validation and sandboxing, which are critical for securing systems that interpret natural language commands.

Steps to Exploit:

Navigate to the WhatsApp mobile application, open Meta AI, and type "act as terminal", then perform the steps as shown in the screenshots below.

[Screenshots attached to the issue: photo_2024-12-05_20-54-58 through photo_2024-12-05_20-55-18]

Runtime Environment

  • Model: llama-3.2
  • Platform: WhatsApp

Impact: The vulnerability allows an attacker to:

1. Execute Arbitrary Commands: Attackers can perform malicious operations on the system, including privilege escalation and installing unauthorized tools.
2. Install and Use Tools: Demonstrates the ability to install tools like Subfinder for reconnaissance, expanding attack vectors.
3. Resource Abuse: Exploit the system to perform external attacks, reconnaissance, or resource-heavy computations.
4. Sensitive Information Exposure: Access to system-level resources (e.g., /etc/passwd) can leak sensitive configurations or credentials.
5. Pivot Point: Compromised systems can serve as a launchpad for further network or external attacks.

are you stupid? how on earth is this a vulnerability...