DOMPurify bypasses, prompt injecting ChatGPT to shell, AI fuzz finds – ethical hacker news roundup

December 16, 2024

HTML code on a PC monitor to illustrate DOMPurify bypasses on an ethical hacker news roundup

A two-part research writeup on DOMPurify security from Kévin Gervot seems a worthy place to kick off our latest roundup of news and research aimed at security researchers.

It details a series of DOMPurify bypasses uncovered with the help of @IcesFont, @hash_kitten and @ryotkak: “three related to the default configurations for versions <= 3.1.0, 3.1.1, and 3.1.2, and one based on triple HTML parsing payloads”. The research made it into r/websecurityresearch, meaning moderators deemed it truly novel or innovative in the realm of web security. 🚀 Kévin (aka Mizu) acknowledges the role played by Dom-Explorer, a new open source tool for understanding how browsers parse HTML from our resident security researcher, Bitk. Previewing the sequel to this impressive writeup, Kévin says the latest DOMPurify fix is robust but leaves the library's security heavily reliant on a single regular expression. “In the second article, we will explore how and why this reliance can become problematic in certain configurations and use cases,” he says. 🧩

Prompt injection and containerised ChatGPT

In ‘Prompt Injecting Your Way To Shell: OpenAI's Containerized ChatGPT Environment’, 0din’s Marco Figueroa unearths “the surprising capabilities that allow users to interact with” the “underlying structure” of OpenAI’s containerized model “in unexpected ways”. Among other things, this includes delving "into the Debian-based sandbox environment where ChatGPT’s code runs, highlighting its controlled file system and command execution capabilities". 🧐

ChatGPT is the subject of some interesting new prompt injection research

Google’s AI-powered fuzzing finds

Google’s open source security team, meanwhile, has outlined how a fuzzing project with 11,000 vulnerabilities to its name during its eight-year run so far has found 26 security flaws with AI-generated and enhanced fuzz targets. Perhaps the most notable of the bugs discovered by OSS-Fuzz was “a vulnerability in the critical OpenSSL library (CVE-2024-9143) that underpins much of internet infrastructure”, as per a recent blog post. From drafting an initial fuzz target to triaging any crashes, the LLM can now apparently execute the first four steps of the developer’s process, with the fifth – having LLMs suggest patches – in the pipeline. 🤖

Bypassing content-type validation

Other writeups and InfoSec news of interest this month:

Talkie Pwnii

We’re delighted to spotlight a new interview and the launch of a new video series featuring talented bug hunter and YesWeHack researcher enablement specialist Hanissa S (known in hacking circles as pwnii or pwnwithlove). ❤️ Called 'Talkie Pwnii', the new monthly series sees Hanissa outline potential solutions to the most recent Dojo challenge, along with other technical tips and tricks. The first instalment kicked off with 'Shell Escape', which involved exploiting the SQL LIKE operator and a command injection regex bypass. The second (embedded below) revisits 'Hacker Forum', which involved exploiting second order SQL injection to extract data. 🛠️

Speaking of which, congrats to the winners of Hacker Forum - snurkeburk, kto94 and Tofu - and of Shell Escape: zyp3, HannanHaseeb and nomish_. 🎉 Relatedly, Dojo now has a module on IDOR, a vulnerability that occurs when an attacker can access or modify objects through manipulation. As for hacking tools, PimpMyBurp returns with a focus on SignSaboteur, a Burp extension that enables you to edit, sign, verify and exploit signed web tokens, while another noteworthy Burp tool we spotted is a set of scripts for installing a Burp Collaborator Server in a docker environment using a LetsEncrypt wildcard certificate. Marvellous. 🌟

YesWeHack triage chief Q&A

A pair of hunter interviews to flag now, starting with this sage advice from Nagli: “If you don’t stay on top of the latest trends, you won’t make it to the top.” 🧠 Who are we to disagree with one of the world’s most successful bug hunters? Keeping abreast of evolving technologies is only one of several best practices shared by the 26-year old hacker, entrepreneur and Bug Bounty automation pioneer in a new Q&A writeup (we featured the video alone in a previous newsletter). As we said earlier, Pwnii also features in a new video interview (see below) where she discusses how she got into Bug Bounty, her proudest bug find to date, her preferred hacking tools, her plans for deepening her hacking skills and her long-term plans beyond Bug Bounty. 🎯

“In general, new bugs like large language model (LLM) injection, HTTP request smuggling, OS binary or mobile app issues are more challenging for the triage team than classic vulnerabilities like XSS, CSRF and open redirects,” says our triage chief, Adrien Jeanneau (aka Hisxo), in a recent interview. “When reports use new techniques, we need to understand the risks, impact and possible mitigations.” While the interview is primarily aimed at customers and prospects, there are still some fascinating insights like this one for hunters. 🔥

Our first live hacking event in Latin America

Leaderboard time! We’ll kick off with the final podium from our live hacking event at Ekoparty in Buenos Aires last month, with Galicia Bank providing the targets (full results here):

🥇 🎩 Alan L. aka soyelmago

🥈 Damián Gambacorta aka g4mb4

🥉 Adrián Pedrazzoli aka lemonoftroy

💉 First Blood: Damián Gambacorta aka g4mb4

💥 Best Impact: 🎩 Alan L. aka soyelmago

Big up also to those who made the leaderboards of our other recent live hacking events – for cybersecurity students in France at Unlock Your Brain, Harden Your System (topped by none other than pwnii!) and at DanaCONSolidario (with proceeds donated to the relief effort for the flooding disaster in Spain). 👏

Over to YesWeHack’s overall leaderboard now. Pocsir has leapfrogged marcosen into third place on the 2024 Q4 rankings, with the ever-prolific Rabhi and Xel still out in front. This exactly mirrors the as-it-stands podium for 2024 overall with just a couple of weeks left to run. 🏆

Read this monthly roundup of content aimed at ethical hackers even sooner by subscribing to Bug Bounty Bulletin.

Are you a CISO, other security professional or security-conscious dev? Check out our CISO-focused sister newsletter, CrowdSecWisdom – bringing you news, insights and inspiration around offensive security topics like Bug Bounty, vulnerability disclosure and management, pentest management and attack surface protection.