farhoodlabs/trebuchet
8
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity
Files
92db01bd2da76d866656ee12c3bd19af7e846e33
trebuchet/prompts/pipeline-testing/exploit-injection.txt
T
ajmallesh d82d1fa753 feat: expand injection analysis scope to cover LFI/RFI/SSTI/Path Traversal/Deserialization 
Fixes responsibility gap where agents found vulnerabilities but rejected them as "out of scope"

Changes:
- vuln-injection.txt: Added LFI/RFI, SSTI, Path Traversal, Deserialization to scope
  - Updated role definition and objective
  - Added new vulnerability_type and slot_type enums
  - Added sink definitions and defense rules for new injection classes
  - Added witness payload examples
- pre-recon-code.txt: Expanded sink hunter agent to find file/template/deserialize sinks
- recon.txt: Updated Section 9 with clear injection source definitions for all types
- exploit-injection.txt: Updated evidence template to handle all injection types

Token-optimized: Condensed verbose sections while preserving critical guidance

Addresses XBEN benchmark failures where LFI/SSTI/Path Traversal were detected but excluded from exploitation queues

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-03 10:20:15 -08:00

31 lines
1.9 KiB
Plaintext
Raw Blame History

## 🧪 Pipeline Testing: MCP Isolation Test for Injection Exploitation Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://example.com
```
2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "injection-exploit-test.png"
```
3. Log the test results:
```
console.log("🔴 INJECTION EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com")
```
### Step 2: Create Required Deliverable
Use the save_deliverable MCP tool to create your evidence:
Use `save_deliverable` MCP tool with:
- `deliverable_type: "INJECTION_EVIDENCE"`
- `content: "# Injection Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** injection-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test injection vulnerability\n- **Vulnerability Type:** SQLi | CommandInjection | LFI | RFI | SSTI | PathTraversal | InsecureDeserialization\n- **Method:** [Type-specific exploitation method]\n- **Evidence:** Successfully executed test payload\n- **Impact:** Demonstrated ability to manipulate [database queries | system commands | file system | template engine | deserialization]\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** INJ-VULN-XX\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}"`
This will automatically create `deliverables/injection_exploitation_evidence.md`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
Reference in New Issue View Git Blame Copy Permalink