AI Finds Vulnerabilities. Security Experts Find Impact.

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://bishopfox.com/blog/ai-finds-vulnerabilities-security-experts-find-impact
• Blog Title: AI Finds Vulnerabilities. Security Experts Find Impact.
• Suggested Section: Pentesting Web -> SSRF, Account Takeover / Registration & Takeover Vulnerabilities, 2FA/MFA/OTP Bypass; optionally AI Security for AI-assisted source-code review limitations

🎯 Content Summary

Overview. The Bishop Fox post describes a real application assessment where AI-assisted source-code review helped identify suspicious vulnerability patterns, but human-led validation was required to prove exploitability, eliminate false positives, and demonstrate business impact. The tester used Claude to reason over roughly 30 source-code repositories and assist with request tracing, entry-point discovery, data-flow analysis, and unfamiliar code review. Live testing was perform...

🔧 Technical Details

Header-trust verification bypass: If backend verification logic trusts HTTP headers or other client-controllable request metadata to decide whether a user completed SMS, email, MFA, or onboarding verification, an attacker can spoof those values and force the server to accept a false verified state. The secure pattern is to store verification state in authoritative server-side records and derive authorization decisions from those records, not from request headers.

Workflow chaining for real impact: A bypass that appears blocked by a later onboarding step can become high impact when chained with another weak workflow control. In this case, SMS verification bypass alone looked limited because invitation-code activation was still required. By finding an endpoint that returned a reusable invitation code with effectively unlimited uses, the tester converted the bypass into unlimited activated account creation. The generalized trick is to map the full account lifec...

🤖 Agent Actions

Done.

Updated:

• src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md

What I added:

• SSRF triage for AI/OCR/media pipelines by identifying who actually performs the fetch
• Methodology to turn blind SSRF into readable SSRF via attacker-controlled downstream interpretation fields like mime_type
• Practical proof targets including Go pprof localhost endpoints
• Expanded SSRF workflow to include fetch-origin verification and downstream parser/LLM/OCR fuzzing
• Added the Bishop Fox blog in ## References

Why this file:

• The registration/OTP/header-trust ideas were already broadly covered in existing HackTricks pages.
• The most novel, non-duplicative technique from the blog was the SSRF escalation through downstream AI/media processing, which fits best in the SSRF platform-specific methodology page.

Validation:

• Reviewed the final diff and file structure.
• Tried mdbook build, but mdbook is not installed in this environment (mdbook: command not found).

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

[carlospolop]

🔗 Additional Context

Original Blog Post: https://bishopfox.com/blog/ai-finds-vulnerabilities-security-experts-find-impact

Content Categories: Based on the analysis, this content was categorized under "Pentesting Web -> SSRF, Account Takeover / Registration & Takeover Vulnerabilities, 2FA/MFA/OTP Bypass; optionally AI Security for AI-assisted source-code review limitations".

Repository Maintenance:

• MD Files Formatting: 978 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0