Tag: injection
All the articles with the tag "injection".
-
Malicious MCP Server: Poisoning an AI Agent Through Tool Responses
We host a malicious MCP server whose tool responses trick OSSBot into calling a restricted internal tool and leaking the flag.
-
XML External Entity Injection: Exploiting a Legacy Supplier Import Endpoint
Exploiting an insecure XML parser in the supplier order import feature to read arbitrary server-side files and retrieve a flag.
-
Prompt Injection: Extracting Secrets from the AI Assistant
A walkthrough of prompt injection attacks against OopsSec Store's AI assistant, bypassing its input filters to extract a flag from the system prompt.
