mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
Add XML injection, prompt injection, enhanced open redirect payloads, and contribution guidelines
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
@@ -0,0 +1,18 @@
|
||||
# Prompt Injection
|
||||
|
||||
## Description
|
||||
Prompt Injection vulnerabilities occur in AI/LLM-powered applications where user input can manipulate the system's prompts or instructions. This can lead to unauthorized actions, data leakage, or bypassing of security controls.
|
||||
|
||||
## Common Attack Vectors
|
||||
- System prompt extraction
|
||||
- Instruction override
|
||||
- Jailbreaking AI models
|
||||
- Context manipulation
|
||||
- Role confusion attacks
|
||||
- Indirect prompt injection via external data
|
||||
|
||||
## Testing Approach
|
||||
Test AI-powered chatbots, assistants, and applications that use Large Language Models (LLMs). Try to manipulate the model's behavior by injecting malicious prompts that override system instructions.
|
||||
|
||||
## Payloads
|
||||
See `prompt-injection-payloads.txt` for a comprehensive list of prompt injection payloads.
|
||||
Reference in New Issue
Block a user