AI Tool Finds 0-Days Instantly with One Click

Vulnhuntr, a Python static analyzer using LLMs like Claude 3.5, identified over a dozen zero-day vulnerabilities in popular open-source AI projects within hours, including remote code execution flaws. 

It discovered numerous remotely exploitable 0-day vulnerabilities in popular GitHub projects, including LFI, XSS, SSRF, RCE, IDOR, and AFO, which were found in projects with over 10,000 GitHub stars and were deemed high severity based on CVSS. 

Vulnhuntr overcomes LLM context window limitations by analyzing code in small chunks: it identifies files that handle user input, analyzes them for vulnerabilities, and then iteratively retrieves the relevant functions and classes to map the entire call chain for a comprehensive analysis.

It uses a recursive code analysis process to identify potential vulnerabilities by iteratively analyzing related code snippets and providing detailed final analyses with proof-of-concept exploits and confidence ratings, effectively narrowing down vulnerable areas in large projects.
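How the iterative call-chain retrieval described above can work, as an added example that is not Vulnhuntr's own code: it uses Python's built-in `ast` module rather than Jedi, and the sample source, the `request` marker and all function names are assumptions made for illustration.

```python
import ast

# Constructed sample source (not from any real project); parsed, never executed.
SAMPLE = '''
def read_file(path):
    with open(path) as fh:
        return fh.read()

def resolve(name):
    return read_file("/srv/data/" + name)

def unrelated():
    return 42

def download():
    name = request.args.get("name")
    return resolve(name)
'''

def index_functions(source):
    """Map each top-level function name to its AST node."""
    return {n.name: n for n in ast.parse(source).body
            if isinstance(n, ast.FunctionDef)}

def called_names(func):
    """Names called as plain functions inside func, e.g. foo(...)."""
    return {c.func.id for c in ast.walk(func)
            if isinstance(c, ast.Call) and isinstance(c.func, ast.Name)}

def entry_points(funcs, marker="request"):
    """Functions that reference the assumed user-input object `marker`."""
    return sorted(name for name, fn in funcs.items()
                  if any(isinstance(n, ast.Name) and n.id == marker
                         for n in ast.walk(fn)))

def map_call_chain(source, entry):
    """Return (chain, unresolved, snippet); snippet holds only on-chain code."""
    funcs = index_functions(source)
    chain, unresolved, queue = [], set(), [entry]
    while queue:
        name = queue.pop(0)
        chain.append(name)
        for callee in sorted(called_names(funcs[name])):
            if callee not in funcs:
                unresolved.add(callee)  # builtin or import: no source to fetch
            elif callee not in chain and callee not in queue:
                queue.append(callee)    # fetch this definition next
    snippet = "\n\n".join(ast.get_source_segment(source, funcs[n]) for n in chain)
    return chain, sorted(unresolved), snippet
```

The returned `snippet` contains `download`, `resolve` and `read_file` but not `unrelated`, which is the point of the technique: the model sees the path from user input to the file read and nothing else.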

It also uses advanced prompt engineering techniques, including XML-based prompts for structured responses, chain of thought prompting for complex reasoning, and prefilled responses for standard formats, to guide the LLM through a series of logical steps and produce detailed vulnerability reports.

Vulnhuntr is a Python-focused vulnerability scanner that excels at finding complex, remotely exploitable vulnerabilities. While it has limitations in handling non-Python projects and can produce occasional inconsistencies due to the nature of LLMs, it significantly outperforms traditional static code analyzers in accurately identifying and reporting vulnerabilities.

Protect AI explores the challenges of using Retrieval Augmented Generation (RAG) and fine-tuning for vulnerability call chain detection. Static parsing with Jedi is used for dynamically typed languages, but it requires additional logic to handle edge cases such as methods added at runtime.

[Figure: Exploit of LFI]

It analyzes code for vulnerabilities, prioritizing files that handle remote user input. Targeting the analysis at specific files improves efficiency and accuracy, and confidence scores above 7 indicate a high potential for real vulnerabilities.

Future code analysis will likely rely heavily on LLMs with large context windows. While static analysis remains useful, manually parsing code to feed specific call chains to LLMs can significantly improve vulnerability hunting accuracy by providing more concise and relevant information.

[Figure: Exploit of XSS]

The code attempts to mitigate LFI vulnerabilities but may be susceptible to attacks due to potential weaknesses in path validation and access controls. The use of `os.path.relpath` and the `allowed_users` list may not fully prevent attackers from accessing sensitive files.

The analysis identified a potential XSS vulnerability in the `file` function, which directly uses user-supplied parameters without proper sanitization or encoding. This could allow an attacker to inject malicious content into the served files or manipulate the file path to serve unexpected content, potentially leading to cross-site scripting attacks.

Multiple functions in `api_provider.py` are vulnerable to SSRF due to unvalidated user-controlled `api_base` parameters, allowing attackers to redirect API requests to arbitrary internal servers, potentially leaking data or compromising systems.

Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.