Can AI Hack Websites with XSS? #ChatGPT

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

let's try to use an AI to solve xss challenges there's a website called prompt.ml where there are a lot of JavaScript xss challenges and we can see if the AI can solve them Twitter is flooded by open III but I'm really impressed uh with it it's really crazy I could not tell if the examples online were like memes where people were oh Chrome Dot dot ml so let's take this code go to Jet GPT the following job JavaScript function is vulnerable to xss uh what how can I make it call Prompt okay the function is vulnerable to xss it is not properly sanitizing the input variable to make the function call prompt you could pass in a string that contains the prompt function it does not catch that it has to escape out of the input element it's not it's not it's not really good this doesn't work let's try this again the following JavaScript function is vulnerable to XS s uh the input parameter allows an attacker to inject arbitrary HTML into the value attribute how can I escape out of the attribute and make it and call and call Prompt one way to escape out of the attributing call Prompt is to inject the following HTML this will create an input field with a prompt call as the value which will pop up for the user to input text the value attribute how how can I escape out of the attribute and call prompt oh we are getting somewhere to escape out of the attribute and call Prompt the attack can use the following payload this will cause the function to return the following string the on click attribute will execute the prompt function when the input is clicked it's not quite true because it uses here a single quote and yeah but there's a double quote so on click of course doesn't work if it were here a double quote and we would do on I we can't even click on here can you use a different xss oh oh on focus on Focus ah it's that's a bit better okay anyway I tried what I like how skill I bet thinks about this what value for in input do I have to pass to this function to create HTML code that calls the the prompt function in JavaScript to create HTML code that calls the problem function JavaScript you need to pass the following value for the input parameter to the Escape function this will cause Escape function to return the following string this we are getting somewhere this is already really good this is on on Focus theoretically this should work without user interaction to create HTML code that calls a prompt function without user interaction the attacker can pass the following value to the input parameter autofocus okay let's add autofocus to here maybe it doesn't work in this like in this setup here and without event handlers it's probably bad because we want maybe probably want to use the Ben 10 let's just not in the input method ah now we are getting somewhere we are breaking out create the script tag let's see if that works restock restart I want to try something else remove these comments to not confuse the AI value should input B so that the returned script executes the JavaScript function prompt without user interaction come let's there's a way to get to get to solve it oh we need to call Prompt one oh my God you're right okay okay uh what I refresh the page what did I ask earlier okay okay wait reset reset let's do this again the following JavaScript function is vulnerable to xss what input do I have to call the Escape function with in order to execute prompt one without user interaction come on you can do it it's not possible to execute prompt function without user interaction using the given Escape function as you get a Escape function simply returns a string with the provided input as the value of an input HTML element to execute prompt one without user interaction you would need to include the prompt one function in the string that the Escape function returns okay this is so far the worst response I need to tweet this okay now I don't need to tweet this Twitter is full of it I'm sorry I'm sorry every every follower I'm sorry I'm not tweeting it no worries it is correct actually since you didn't tell it that the return value is used as HTML okay technically you're right but I did say that this is vulnerable to xss what input value is this even correct English maybe my English is just bad what input value do I have to call the Escape function with in order for The Returned HTML code to execute prompt one without interaction yeah that that might better describe it to execute the prompt one without user interaction the Escape function should be called with this value this will return the following HTML code this that no this does not make any sense this is very wrong earlier it was so much better does this function have a vulnerability let's start slow let's start slow this function has a vulnerability does not properly escape the user input which leaves it open to cross a scriptic attack an attacker could inject malicious code into the input which would be executed when the resulting how to exploit this function to call Prompt one okay this looks actually really good to exploit this function to call Prompt one function the attacker would need to inject the following code to the input let's copy this code we paste it in we won nice okay next level let's start over again just this ja JavaScript code include a vulnerability it's not possible for me to say for sure without being able to see the code in context and without being able to browse the internet to look for potential vulnerabilities in the code however based on the code snippet you provided it does not appear that there are any obvious vulnerabilities the Escape function simply strips html text from a given string and wraps the resulting string in an article tag which is unlikely to introduce any vulnerabilities maybe I add a bit of code the function is called with user controlled input the resulting HTML is simply embedded into a website [Music] how can I exploit this code to call prompt one to exploit the code to call Prompt one you would need to find a way to inject JavaScript code into the input parameter of the Escape function this could potentially be done by passing a string containing a script tag that costs prompt 1 as the input parameter however the Escape function strips out HTML it's isn't it insane that it oh no wait there is a comment that says I know it doesn't specifically say it's dripping html text right it's just stripping mechanism from this Library and that's a strip tags so there's some connection maybe to HTML tags that's absolutely insane when the Escape function is called with this input it will strip out the script tags leaving only the prompt is this an attempt to protect itself I don't know that's weird this code will be wrapped in an article tag but because it's not inside the script tag it will not be executed by the browser however when the resulting HTML is rendered on the website the browser will automatically merge the article tag with the surrounding HTML effectively creating a script tag that wraps The Prompt code the script will then be executed by the browser causing the prompt function to be called this is just one possible way to exploit the code to call Prompt I mean it just created here it just passed in this we can try it but I don't think it will work yeah it just stripped out the the tags um I actually forgot myself how to solve this um what is this regex exactly checking and then we have the flex ignore I and G can be set here G JavaScript regex IG global don't return on first match okay gotcha so that ah okay can you just Supply an open tag so script something like this for um so something like this no um image source X on error prompt one yeah okay so it wants we need to just an open tag we just not close it so that's the solution but um what does the reg X do isn't it absolutely insane that by asking the question what does the regex do it knows exactly we shared it this code earlier which contained the regex and it's able to pull out that regex and then semantically kind of like understand that this regex is has the intention to match HTML tags absolutely insane the slash character at the beginning at the end of the rare gets denotes the wreck X blah blah the this part of the regex matches the opening angle bracket followed by an optional forward slash character which is used to match both opening and closing text and this part of the regex matches one or more characters that are not the closing angle brackets which is used to match the content of the tag this allows the rags to match any HTML tag regardless of its name or attribute finally the closed character at the end of the regex matches the closing angle bracket that ends the HTML tag the G and I flags are the end of the rec expressive why did I even open debug X we I should have just asked the AI I'm really not thinking in the AI way I need to learn how to think in the AI way I need to trust in the AI stop searching on Google just ask the AI in the code the regex is used with the string replace method to strip all html text from the input string the replace method replaces all the matches of the regex can you create input can you create an input string for the Escape function that returns HTML code calling prompt one can you run the output through text to speed with Scarlett Johansson's voice it's actually a good idea to have like a robot voice read out the the stuff maybe I need to give it a it complains about the context so maybe I give it a bit more context here is more context no wait the context is rather that it's like rendered by a browser which will fix the which doesn't mind that it's not a closed tag the resulting HTML string is rendered by the Firefox browser with this additional context do you know how to exploit the Escape function and execute prompt one with the additional information if the resulting HTML string is rendered by the Firefox browser is it is it is still possible to exploit the Escape function to execute prompt but the approach would be slightly different interesting to exploit the Escape function in this situation you could use a technique called croset scripting to inject malicious JavaScript code into the input parameter of the Escape function this could be done by passing a string containing a script tag that calls prompt as the input parameter like this however as mentioned earlier the Escape function strips out HTML tags so this would not work as written to bypass this you could use a technique called polyglot it knows about xss polyglots to create a string that is treated as both a valid HTML and valid JavaScript by the browser like it doesn't make sense in this case when the Escape function is called with this input string it will strip out this source and tags leaving only what only it prompt wait what so you're telling me I should just pass this in what do you mean like this both is obviously wrong okay I don't know what to try to do there maybe we can um give it a bit more context that it's setting the source of an iframe can you explain exploit the following JavaScript function to call Prompt one and then instead of return we say document dot get element by ID get by element by ID and we say iframe to give it like a hint that it's an iframe and then we set a source stock equal this let me give it a comment set the source dock of an iframe yes it is possible to exploit the Escape function in the code you provided in a call Prompt to do this you could use a technique called cross-eyed scripting to inject malicious JavaScript code into the input perimeter of the Escape function for example you could pass the following string the string contains a script tag that calls The Prompt function when the Escape function is called with this input string it will strip out the script and script tags using the regular expression the resulting string will look like this this string will then be wrapped in an optical tag and set as the source stock attribute of the iframe element effectively creating the following HTML code when this HTML code is rendered by the browser the script tag will be but there's no script tag it's crazy that it understands that it strips out the script right that this will be the result of it but then it's not quite catching it can you give me another example input this also does not work can you give me another example X xss this is wrong it's it will strip out the image tag but this is obviously it will strip out the whole thing it misinterpreted what this code does it's still so fascinating this does not work because it strips out the complete HTML image tag do you have another example how this Escape function can be exploited holy this is actually really good oh no I only saw the output no wait wait wait uh this is really good this is the solution this should work why is it not working no wait oh I ah crap this is really good this is almost it it just needs to call Prompt here this HTML code will not execute the prompt function because it's not inside the script deck however by adding the text back to the string you can create the string that is both valid HTML and valid JavaScript okay that are sent this input does not work because s because the Escape function strips out the complete image tag is there another way to exploit this function this does not work do you have another idea I could give it a solution and it and maybe okay here's another example okay but yeah it doesn't work okay yeah let me give it give it an example the solution using this input I can call the prompt function I do not know why it works because I thought the function strips all HTML tags why can I still execute prompt the Escape function in the code you provided does not strip out all HTML tags it only strips or tags that match the regular expression which only matches opening and closing HTML tags in the input string you provide an image tag it's the only tag that matches this record so it's the only Tech that gets stripped out by the Escape function this leaves see it it ah it's very interesting it it kind of like internally fixes this image tag and closes it right here um and things like this is like the tag and then it gets super confused it it gets really confused giving it this broken HTML string anyway let's try the next level maybe it was a bit too tricky can you exploit the following JavaScript function to call from one yes it is possible to exploit the given JavaScript function to call Prompt one the function uses replace method to remove any equal signs or open parentheses from the input string however it is possible to bypass this by using string from Char code but you just said that it strips open parentheses to create a string containing the character with an ASCII value of the open parenthesis which is 40. I cannot use from charcut with an open open parenthesis to create an open parenthesis because it has an open parenthesis yeah yeah this will not work and then eval okay maybe I should give it more context maybe I give it a fake HTML body HTML body I mean it does it doesn't know that it's like placed inside of HTML right so we should uh do it yes we can exploit the Escape function by passing in a string that contains an equal sign or open parenthesis followed by the string prompt one for example this will remove the equal sign and open parentheses from the input string but we'll still execute prompt one function when the Escape string is output that makes no sense try again yes you can exploit the function by passing in the string script prompt one as the input this will replace the equal sign and open parentheses with nothing resulting in the string since this is a valid JavaScript code it will execute the prompt one function it's interesting that it on one hand understands that it will replace the equal sign and the open parenthesis and then still recommend an input with open parentheses let's actually remove this comment because this is like maybe a bit of a confusing yes the following input can be used to exploit the function call the input must not include open include and is there another way to call Prompt one yes the following input can be used to call the prompt one function without using the in characters this input will pass the validation checks in the Escape function and will render as which we'll call The Prompt it will not call The Prompt function the input must not include is there another way to call the JavaScript function prompt one maybe you should specify that I want to call a JavaScript function oh wow why does it bold why does it make it bold this is really good the backtick characters used instead of the open parenthesis to bypass the validation check we are getting somewhere this is actually part of the solution so if so the current string that is recommended is this here but um I have it's it's failing why is it failing the example input you Pro provided does not execute JavaScript can you rewrite the input to call the function prompt one I'm really curious why it gets so confused right now with like this okay so we are back script theoretically works there's no equal sign the problem is obviously that we still have the parentheses so it will remove the maybe maybe I give it this test output here when you pass in the this input the result will be oh I should then also add I guess my surrounding tags result will be invalid JavaScript code uh do do you know how I could bypass this and still call Prompt one oops uh yeah you're right this is the wrong way around but I mean the output was still wrong I cannot use open parenthesis in the input is there another way to call Prompt the input user square bracket character instead of the open parenthesis to bypass the validation check the square bracket notation is used to access the properties of an object in JavaScript and the prompt function can be called using this notation that would be new to me if that would work um you cannot use square brackets in JavaScript to call a function is there another way to call prompt without parentheses there we go script prompt using backticks should this not work because script tags when script tags are added like this they don't get executed or something like that yeah because it's using document right and when you when oh no it is executed I'm an idiot it's just a string you're right it's not it's not the number that's why it's not recognized okay oh my gosh how I confidently explained something and it was wrong there are some cases where script texts don't get executed maybe when the website is already rendered and then you do the document right later or the inner HTML I think when you do inner HTML script Tech doesn't render I don't know I always use image on error yeah I always use event handlers um so actually I don't know the solution myself right now I'm confused uh okay so what is the solution here again nobody tell me I know I can figure it out I mean there are some other ways I guess if you have like an SVG tag another SVG tag and then in here you can actually do like uh and this is uh s key where's the hex 29 close parenthesis so open parenthesis is 10 to 8 so it's like uh uh to eight like that nope uh what is it what is again the am I complete idiot right now okay these are the wrong characters apparently um how do I make hex code like this God damn it uh HTML oh you prefix and X yeah okay I solved it okay I solved it HTML Escape sequences thank you yeah uh okay so this would be the solution oh one solution maybe there are other Solutions um this input cost prom but the parameter is a string not the number one do you know how to turn the parameter into a number without using parentheses this input has a okay it kinda got it the input uses the plus operator to convert the string 1 into the number one why it explains here something that it's not even showing here in the text but the that might actually work if you do like plus zero oh I should reload otherwise we cannot recognize no yeah probably this will probably the result of prompt will then be plus one no this is just like now you have the string plus one um you know this is just literally a string with plus one you know uh it's it's very small here do you know can you create a xss payload without power run this is and equal sign and still call prompt one how do you feel about not being able to use normal search engine for a week and having jet GPT instead I'm so used to like formulating my Google searches so that it probably will be pretty hard and then of course any current things like I don't know I use Google for accessing websites right I even when I look up a video for myself I don't go to YouTube and search I just type into Google Live overflow Firefox sandbox and then I find like the particular video I was thinking of or something like this you know like for these things obviously I want a search engine okay I think I will call it so I think we can conclude that the chat GPT is really impressive it really figured out some some intricate stuff it was able to somewhat reason about the code but it lacks like this little bit of human understanding it was very interesting how it was able to identify HTML tags but then it was too confined in its um and its understanding of an HTML tag that it didn't even consider that you could not provide a complete HTML tag this is something you know we humans can reason about to pass in and not complete tag and we know that the browser will fix it and thus we are still able to inject event handlers and so forth you know like this kind of in-depth reasoning is kind of the human creativity and hacking that uh that the AI cannot do yet but still it's absolutely impressive I it really blows me away it's really addictive to play around with it and get it to solve it to be honest I did think it would have it would solve these challenges easier Lee I didn't think it would struggle this hard but I think it's a good sign that it struggles this hard because it turns out that when hacking is more than just the most basic payload as soon as there's like a little bit of a validation or a little bit of sanitization happening um the reasoning of the AI is not good enough to to bypass those parts yet but yeah still overall very impressive um and maybe we can use it maybe for other challenges some other time and and see how far it can get then um yeah pretty cool I don't know what else to say I I like playing around with it [Music]

Info

Channel: LiveUnderflow

Views: 79,357

Rating: undefined out of 5

Keywords: liveoverflow, live stream, streaming, electronics, oscilloscope, twitch, live overflow, ctf, it security, cybersecurity, live hacking

Id: NJHax40jVAU

Channel Id: undefined

Length: 30min 38sec (1838 seconds)

Published: Thu Dec 08 2022