Magneto: A Step-Wise Approach to Exploit Vulnerabilities in Dependent Libraries via LLM-Empowered Directed Fuzzing
The wide adoption of open source third-party libraries means that vulnerabilities in those libraries can propagate through dependency chains to downstream projects. To mitigate this security risk, vulnerability exploitation analysis has been proposed to further reduce the false positives of vulnerability reachability analysis. However, existing approaches work less effectively when the vulnerable function of the vulnerable library is invoked only indirectly by a client project, through a multi-step call chain.
To address this problem, we propose a step-wise approach, named Magneto, to exploit vulnerabilities in dependent libraries of a client project through LLM-empowered directed fuzzing. Its core idea is to decompose the directed fuzzing of the whole call chain (from the client project to the vulnerable function) into a series of directed fuzzing tasks, one for each step of the call chain. To empower directed fuzzing, it leverages an LLM to generate the initial seeds. Our evaluation has demonstrated the effectiveness of Magneto over the state-of-the-art; i.e., Magneto achieves an improvement of at least 75.6% in successfully triggering the vulnerability.
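The step-wise decomposition described above, as an added example that is not the paper's code or its algorithm: a constructed four-function call chain in which each intermediate function rejects most inputs, a deterministic single-byte mutator, and a fuzzer whose goal at step k is only to reach function k+1, reusing the input that got there as the next step's seed. The LLM-generated initial seed is replaced by an all-zero seed, and the whole-chain variant (same mutator, success counted only at the vulnerable function) shows why an end-of-chain signal alone cannot solve a multi-step chain.

```python
# Constructed toy target (not from the paper): a client entry point that reaches a
# library's vulnerable function only through a three-step call chain. Each function
# returns how deep the chain got, standing in for coverage instrumentation:
# 0 = rejected by the client, 3 = vulnerable_fn entered, 4 = bug triggered.
def client_entry(data: bytes) -> int:
    if len(data) < 4 or data[0] != 0x4D:          # step 1: magic byte
        return 0
    return 1 + lib_parse(data[1:])

def lib_parse(data: bytes) -> int:
    if data[0] != 0x01:                           # step 2: version field
        return 0
    return 1 + lib_decode(data[1:])

def lib_decode(data: bytes) -> int:
    if data[0] < 0x80:                            # step 3: flag bit must be set
        return 0
    return 1 + vulnerable_fn(data[1:])

def vulnerable_fn(data: bytes) -> int:
    # Simulated bug: a length field larger than the remaining payload.
    return 1 if data[0] > len(data) - 1 else 0

def single_byte_mutations(seed: bytes):
    """Deterministic mutator: every single-byte change of the seed, in order."""
    for pos in range(len(seed)):
        for value in range(256):
            if value != seed[pos]:
                yield seed[:pos] + bytes([value]) + seed[pos + 1:]

def stepwise_fuzz(seed: bytes, target_depth: int):
    """Fuzz one step at a time: step k only has to reach depth k, and the
    input that does so becomes the seed for step k + 1."""
    attempts, current = 0, seed
    for goal in range(1, target_depth + 1):
        if client_entry(current) >= goal:
            continue
        for candidate in single_byte_mutations(current):
            attempts += 1
            if client_entry(candidate) >= goal:
                current = candidate
                break
        else:
            return None, attempts                 # this step could not be solved
    return current, attempts

def whole_chain_fuzz(seed: bytes, target_depth: int):
    """Same mutator and seed, but only reaching the final target counts, so
    intermediate progress is never kept and the chain is never solved."""
    attempts = 0
    for candidate in single_byte_mutations(seed):
        attempts += 1
        if client_entry(candidate) >= target_depth:
            return candidate, attempts
    return None, attempts
```

Per step the search is bounded by one byte's value range, so the cost grows with the sum of the steps rather than with their product.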