Large Language Models (LLMs) have found widespread applications in various domains, including web applications, where they facilitate human interaction via chatbots with natural language interfaces. Internally, aided by an LLM-integration middleware such as Langchain, user prompts are translated by the LLM into SQL queries, which the middleware executes against the application's database in order to provide meaningful responses to users. However, unsanitized user prompts can lead to SQL injection attacks, potentially compromising the security of the database. Despite the growing interest in prompt injection vulnerabilities targeting LLMs, the specific risks of generating SQL injection attacks through prompt injections have not been extensively studied. In this paper, we present a comprehensive examination of prompt-to-SQL (P$_2$SQL) injections targeting web applications based on the Langchain framework. Using Langchain as our case study, we characterize P$_2$SQL injections, exploring their variants and impact on application security through multiple concrete examples. Furthermore, we evaluate seven state-of-the-art LLMs, demonstrating the pervasiveness of P$_2$SQL attacks across language models. Our findings indicate that LLM-integrated applications based on Langchain are highly susceptible to P$_2$SQL injection attacks, warranting the adoption of robust defenses. To counter these attacks, we propose four effective defense techniques that can be integrated as extensions to the Langchain framework. We validate the defenses through an experimental evaluation with a real-world use case application.
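The pipeline the abstract describes, prompt in, LLM-generated SQL out, SQL executed by the middleware, means the database sees whatever SQL the model emits, and a malicious prompt can steer that SQL. The following is an added, self-contained Python example (not code from the paper, nor Langchain's own code) showing the execution side of that pipeline with a guard in front of the database. The schema, sample rows, the allowed-table and allowed-function policy, and the strings standing in for LLM output are all constructed for this illustration; the guard itself uses only the standard-library `sqlite3` authorizer hook, which plays the role a read-only, table-scoped database account would play on a server database.

```python
import sqlite3

# Constructed sample schema and data standing in for a web app's database.
SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT, email TEXT);
CREATE TABLE job_posts (post_id INTEGER PRIMARY KEY, user_id INTEGER,
                        title TEXT, description TEXT);
INSERT INTO users VALUES (1, 'Alice', 'alice@example.com'),
                         (2, 'Bob', 'bob@example.com');
INSERT INTO job_posts VALUES (10, 1, 'Backend dev', 'Remote role'),
                             (11, 2, 'Data analyst', 'On-site role');
"""

# Hypothetical policy for this example: tables the chatbot may read and
# SQL functions it may call. Everything else is refused.
ALLOWED_TABLES = {"job_posts"}
ALLOWED_FUNCTIONS = {"count", "lower", "upper", "length"}


def chatbot_authorizer(action, arg1, arg2, dbname, source):
    """SQLite authorizer: the in-process equivalent of a read-only DB role.

    Every statement the LLM produces is compiled through this callback, so a
    DELETE/UPDATE/DROP or a read of an off-limits table hidden in model output
    is refused before it executes, regardless of what the prompt said.
    """
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:  # arg1 = table name, arg2 = column name
        return sqlite3.SQLITE_OK if arg1 in ALLOWED_TABLES else sqlite3.SQLITE_DENY
    if action == sqlite3.SQLITE_FUNCTION:  # arg2 = function name
        name = (arg2 or "").lower()
        return sqlite3.SQLITE_OK if name in ALLOWED_FUNCTIONS else sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_DENY  # writes, DDL, PRAGMA, ATTACH, ...


def open_guarded_db():
    """Create the sample database, then install the guard for all later queries."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)  # privileged setup runs before the guard is installed
    conn.set_authorizer(chatbot_authorizer)
    return conn


def run_llm_sql(conn, sql):
    """Execute SQL emitted by the LLM under the guard.

    Returns (True, rows) on success or (False, reason) when the statement is
    refused. The stacked-statement and SELECT-prefix checks are defence in
    depth: Python's sqlite3 already refuses more than one statement per
    execute(), but other drivers (psycopg2, for instance) happily run several.
    """
    body = sql.strip().rstrip(";").strip()
    if ";" in body:
        return False, "stacked statements rejected"
    if not body.upper().startswith("SELECT"):
        return False, "only SELECT statements are allowed"
    try:
        return True, conn.execute(body).fetchall()
    except sqlite3.Error as exc:
        return False, f"denied by database: {exc}"


# Constructed strings standing in for SQL an LLM might emit after a benign
# prompt and after injected prompts (data tampering, reading an unrelated
# table, a stacked statement, calling a dangerous function).
LLM_OUTPUTS = [
    "SELECT title FROM job_posts ORDER BY post_id",
    "SELECT count(*) FROM job_posts",
    "DELETE FROM users",
    "SELECT email FROM users",
    "SELECT title FROM job_posts; DROP TABLE users",
    "SELECT load_extension('evil')",
]

if __name__ == "__main__":
    db = open_guarded_db()
    for sql in LLM_OUTPUTS:
        print(sql, "->", run_llm_sql(db, sql))
```

The point of the guard is that it never inspects the prompt: prompt filtering can be bypassed by rephrasing, whereas a policy enforced at the database boundary holds no matter how the model was talked into producing the statement. On a server database the same effect comes from running the chatbot's connection as a role that holds only `SELECT` on the tables it needs.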