← Back to search

paper reviewed open access llmsec-2024-00045

From Prompt Injections to SQL Injection Attacks: How Protected is Your LLM-Integrated Web Application?

Rodrigo Pedro, Daniel Castro, Paolo Molina, Nuno Santos

2024-08 — USENIX Security 2024 70 citations

View Resource PDF

Abstract

Demonstrates how prompt injection can be chained with traditional web attacks (SQL injection, XSS) in LLM-integrated applications.

Categories

prompt injection model serving security

Tags

SQL-injectionXSSweb-applicationchained-attack

Framework Mappings

OWASP LLM: LLM01 OWASP LLM: LLM05 MITRE ATLAS: AML.T0051

Cite This Resource

@article{llmsec202400045,
  title = {From Prompt Injections to SQL Injection Attacks: How Protected is Your LLM-Integrated Web Application?},
  author = {Rodrigo Pedro and Daniel Castro and Paolo Molina and Nuno Santos},
  year = {2024},
  journal = {USENIX Security 2024},
  url = {https://arxiv.org/abs/2308.01990},
}

Metadata

Added: 2026-04-14
Added by: manual
Source: manual
arxiv_id: 2308.01990