Author: Alex Devassy
Access http://127.0.0.1:5000/
Category: Prompt Injection Attack
Description: Flag is at same directory as of flask app, [FLAG].txt.
Press Ctrl+C to quit
Serving Flask app 'app'
Debug mode: off
[2024-09-04 15:06:26,216] ERROR in app: Exception on /chat [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2525, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1822, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1820, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1796, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/app/app.py", line 51, in chat
    result = rb.detect_injection(user_input)
  File "/usr/local/lib/python3.10/dist-packages/rebuff/rebuff.py", line 89, in detect_injection
    response.raise_for_status()
  File "/usr/local/lib/python3.10/dist-packages/requests/models.py", line 1024, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://playground.rebuff.ai/api/detect
@anchal479 did you sign in to rebuff, and did you use the API key when you ran the docker container with the command below?
docker run --rm -p 5000:5000 -ti dolos_ml_ctf --rebuffkey="<REBUFF_API_KEY>" --openaikey="<OPENAI_API_KEY>"
Hi Alex, on trying to solve the 2nd lab:
Running...
╔╦╗╔═╗╦ ╔═╗┌─┐ ╔╦╗╦ ╔═╗╔╦╗╔═╗ ╔═╗┬ ┬┌─┐┬ ┬ ┌─┐┌┐┌┌─┐┌─┐
║║║ ║║ ║ ║└─┐ ║║║║ ║ ║ ╠╣ ║ ├─┤├─┤│ │ ├┤ ││││ ┬├┤
═╩╝╚═╝╩═╝╚═╝└─┘ ╩ ╩╩═╝ ╚═╝ ╩ ╚ ╚═╝┴ ┴┴ ┴┴─┘┴─┘└─┘┘└┘└─┘└─┘
Author: Alex Devassy
Access http://127.0.0.1:5000/
Category: Prompt Injection Attack
Description: Flag is at same directory as of flask app, [FLAG].txt.
Press Ctrl+C to quit