BTC $51524.6928
ETH $3102.2833
BNB $384.2776
SOL $103.2311
XRP $0.5405
ADA $0.5849
AVAX $36.9511
TRX $0.1377
DOGE $0.0856
wstETH $3587.3896
LINK $18.6494
DOT $7.8438
WETH $3100.0078
UNI $11.0945
MATIC $0.9971
WBTC $51554.8458
IMX $3.3401
ICP $12.4013
LTC $70.0025
BCH $266.3236
CAKE $3.1426
FIL $8.1456
ETC $27.0947
RNDR $7.2587
DAI $1.0009
KAS $0.1676
HBAR $0.1071
ATOM $10.3461
INJ $35.4309
VET $0.0467
TON $2.0697
OKB $50.3127
FDUSD $0.9994
LDO $3.3633
GRT $0.3004
ARB $1.8920
XMR $128.8577
TIA $16.5811
XLM $0.1156
STX $2.5143
ENS $22.4126
NEAR $3.6605
APEX $2.4601
WEMIX $2.0774
MKR $2060.5410
BEAM $0.0332
MNT $0.8950
BTC $51524.6928
ETH $3102.2833
BNB $384.2776
SOL $103.2311
XRP $0.5405
ADA $0.5849
AVAX $36.9511
TRX $0.1377
DOGE $0.0856
wstETH $3587.3896
LINK $18.6494
DOT $7.8438
WETH $3100.0078
UNI $11.0945
MATIC $0.9971
WBTC $51554.8458
IMX $3.3401
ICP $12.4013
LTC $70.0025
BCH $266.3236
CAKE $3.1426
FIL $8.1456
ETC $27.0947
RNDR $7.2587
DAI $1.0009
KAS $0.1676
HBAR $0.1071
ATOM $10.3461
INJ $35.4309
VET $0.0467
TON $2.0697
OKB $50.3127
FDUSD $0.9994
LDO $3.3633
GRT $0.3004
ARB $1.8920
XMR $128.8577
TIA $16.5811
XLM $0.1156
STX $2.5143
ENS $22.4126
NEAR $3.6605
APEX $2.4601
WEMIX $2.0774
MKR $2060.5410
BEAM $0.0332
MNT $0.8950
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Critical vulnerability in ChatGPT allows hackers to take over someone else's account

    The OpenAI team has fixed a critical ChatGPT vulnerability that allows hackers to take over someone else's account, view chat history and access payment information. The mistake was reported to the company by Nagli bughunter and provided a video demonstration.

    The researcher managed to carry out a Web Cache Deception attack. While examining the requests processing the ChatGPT authentication flow, the specialist noticed a GET request that can reveal information about the user: "https://chat.openai.com/api/auth/session"

    Each time you log in to a ChatGPT instance, the application retrieves account information - email, name, image, and Access Token - from the server. It looks like this:

    The expert simulated a situation where a victim receives from an attacker a link to a non-existent resource with a file extension appended to the endpoint: "chat.openai.com/api/auth/session/test.css"

    OpenAI returns sensitive data in JSON after adding "css" file extension. This could be due to a regex error, or simply because the developers didn't take this attack vector into account.

    Next, the specialist changed the response header "CF-Cache-Status" to the value "HIT". This means that the data has been cached and will be returned on the next request to the same address. As a result, the attacker obtains the necessary data to intercept the victim's token.

    Attack pattern:

    • The attacker creates a dedicated ".css" path to the "/api/auth/session" endpoint;
    • The hacker distributes the link (directly to the victim or publicly);
    • The victim follows the link;
    • The response is cached.

    The cybercriminal obtains the JWT (JSON Web Token) credentials and gains full access to the target's account.

    Correction recommendations:

    1. Using a regular expression, instruct the caching server not to intercept the endpoint (OpenAI fixed the bug with this method);
    2. Don't return a private JSON response unless you directly request the desired endpoint:

    - http://chat.openai.com/api/auth/session !=

    - http://chat.openai.com/api/auth/session/test.css

    Author DeepWeb
    how did Telegram become the new cyber scam den?
    How hackers use Tor to steal crypto

    Comments 0

    Add comment