THM — CupidBot
2026-3-3 06:5:9 Author: infosecwriteups.com

Dfaults

This is an easy room. So, so very easy…

Initial Hint & Flags

When opening the tab where the bot lives, we’re greeted with the cupidbot.

👋 Hey there!

This agent is playing a role, can you achieve your goal?

This room is as simple as asking for the flags directly.


Why was this so easy despite saying it was command injection? Who knows, but one thing is for certain: this didn’t feel like injection at all. In fact, this was just asking for the flags directly, and even the mention of the flags makes the agent give them out with no regard for safety.
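An output-side check for the failure described above, where the agent hands over flags held in its context when simply asked. This is an added example, not code from the room or from this writeup; the flag values, the function names and the set of encodings checked are assumptions made for illustration.

```python
import base64
import re

# Constructed sample secrets (assumption); a real deployment would load
# the protected values from its own secret store.
SECRETS = ["THM{constructed_flag_one}", "THM{constructed_flag_two}"]


def _normalize(text):
    """Lowercase and keep only letters and digits, so spacing, punctuation
    or casing changes do not hide a secret from the comparison."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _variants(secret):
    """Forms in which a model may emit a secret it was asked to transform."""
    raw = secret.encode()
    yield "plain", _normalize(secret)
    yield "reversed", _normalize(secret[::-1])
    yield "base64", _normalize(base64.b64encode(raw).decode())
    yield "hex", raw.hex()


def find_leaks(response, secrets=SECRETS):
    """Return (secret_index, form) for each protected value found in a response."""
    haystack = _normalize(response)
    hits = []
    for index, secret in enumerate(secrets):
        for form, needle in _variants(secret):
            if needle and needle in haystack:
                hits.append((index, form))
    return hits


def guard(response, secrets=SECRETS):
    """Release the response only if it carries no protected value."""
    leaks = find_leaks(response, secrets)
    if leaks:
        # Log the hit by index and form, never by value.
        return "[response withheld: contained protected data]", leaks
    return response, []
```

The check only catches the exact values in the listed forms; a paraphrased or partial leak passes through, so it belongs behind the stronger measure of keeping secrets out of the model's context in the first place.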

Since this was such an easy room and frankly doesn’t give enough content to even be called a writeup, I’ll provide you with some pros and cons of why you should harden your AI so you don’t have this happen to you. Please do take the time to support me if you like my content, as this helps fund my studies.

Why Hardening AI Prompt Security is Important

Benefits of Hardening AI Prompt…


Source: https://infosecwriteups.com/thm-cupidbot-258284df3732?source=rss----7b722bfd1b8d---4