Introduction
To solve the lab, use the LLM to delete the user carlos.
Required knowledge: To solve this lab, you’ll need to know:
- How LLM APIs work.
- How to map the LLM API attack surface. For more information, see our Web LLM attacks Academy topic.
Solution
1. Observe
NOTE: This was my first time opening an LLM lab, so I needed to observe first. If you are already familiar with it, feel free to skip this section. I wrote this after solving the lab.
We notice at least two functions here for interacting with the Large Language Model (LLM) in this lab:
- Live Chat: a chat form for interacting with the LLM, i.e. where you enter your prompts.
- Backend AI Logs: here we can see the logs of the backend service. If you remember the Academy topic on LLMs, the backend sits between the client, the external APIs and the LLM, so its logs contain the history of their interactions.
2. Delete user Carlos
The simple way: I just chatted with the LLM and asked it to delete the user with the username carlos.
2.1. My Chat
2.2. My Backend Logs
In the backend logs for the last prompt, we can see that the assistant creates an argument for the tool before calling it: a SQL statement that deletes the user where the username is carlos.
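The log shows the root cause: the backend executes whatever SQL the assistant puts in the tool argument. As an added defensive example (not the lab's code or part of this writeup), the following tool handler applies two independent layers before running an LLM-generated statement: an allowlist that only admits a single read-only SELECT, and a SQLite connection flagged `query_only` so that a write which slipped past the allowlist still fails. The tool name `debug_sql`, the `users` table and the sample tool calls are constructed for the example.

```python
import re
import sqlite3

# Constructed sample tool calls of the kind the backend log shows the assistant
# generating: one legitimate lookup, one deletion, one stacked-query attempt.
SAMPLE_TOOL_CALLS = [
    {"tool": "debug_sql", "args": {"sql": "SELECT username FROM users WHERE username = 'carlos'"}},
    {"tool": "debug_sql", "args": {"sql": "DELETE FROM users WHERE username = 'carlos'"}},
    {"tool": "debug_sql", "args": {"sql": "SELECT 1; DROP TABLE users"}},
]

# Layer 1: a single SELECT statement, no second statement after a semicolon.
_SINGLE_SELECT = re.compile(r"^\s*SELECT\b[^;]*;?\s*$", re.IGNORECASE | re.DOTALL)
_WRITE_KEYWORDS = re.compile(
    r"\b(DELETE|DROP|UPDATE|INSERT|ALTER|TRUNCATE|ATTACH|PRAGMA)\b", re.IGNORECASE
)


def is_allowed_sql(sql: str) -> bool:
    """True only for one read-only SELECT with no write keywords anywhere in it."""
    return bool(_SINGLE_SELECT.match(sql)) and _WRITE_KEYWORDS.search(sql) is None


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the application database (constructed test data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO users VALUES (?)", [("wiener",), ("carlos",)])
    conn.commit()
    return conn


def run_tool_call(conn: sqlite3.Connection, call: dict) -> dict:
    """Execute an LLM tool call only if the argument passes both layers."""
    sql = call["args"]["sql"]
    if call["tool"] != "debug_sql" or not is_allowed_sql(sql):
        return {"status": "rejected", "reason": "tool only permits a single read-only SELECT"}
    conn.execute("PRAGMA query_only = 1")  # Layer 2: connection cannot write at all
    try:
        return {"status": "ok", "rows": conn.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        return {"status": "error", "reason": str(exc)}


def process(calls: list) -> tuple:
    """Run every sample call and report the results plus the surviving users."""
    conn = build_db()
    results = [run_tool_call(conn, c) for c in calls]
    remaining = [r[0] for r in conn.execute("SELECT username FROM users ORDER BY username")]
    return results, remaining


def read_only_layer_blocks_writes() -> bool:
    """Show layer 2 alone stops a DELETE that bypassed layer 1 (SQLITE_READONLY)."""
    conn = build_db()
    conn.execute("PRAGMA query_only = 1")
    try:
        conn.execute("DELETE FROM users WHERE username = 'carlos'")
    except sqlite3.OperationalError:
        return True
    return False
```

Run `process(SAMPLE_TOOL_CALLS)` to see the deletion and the stacked query rejected while the lookup succeeds and carlos remains in the table.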