The Big List of Naughty Strings(github.com)
github.com
The Big List of Naughty Strings
https://github.com/minimaxir/big-list-of-naughty-strings
4 comments
Was also missing some LLM prompt injection attempts in the file (or maybe even just token injection like <|endoftext|> ) but I guess that might get out of scope.
In university, a team member on a final project swore he fixed an input injection issue. I playfully typed `rm -rf /` on his machine and challenged him to press `RET` if he was confident. He hit enter, but protested that "I just don't believe those characters should ever be typed into a computer on principle."
I'm a fan of PR #2 "be less evil"
> If we were using this in some kind of automation, the last thing I want is it to blow everything away by accident. Probably should fixup the sql injection one too...
I'm a fan of PR #2 "be less evil"
> If we were using this in some kind of automation, the last thing I want is it to blow everything away by accident. Probably should fixup the sql injection one too...
- "/dev/null; rm -rf /\*; echo",
+ "/dev/null; touch /tmp/blns.fail ; echo",The Contributions section makes it clear the naughtiest strings are the ones not welcome in this repo. ;)
If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.