BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Critical vulnerability in ChatGPT allows hackers to take over someone else's account

    The OpenAI team has fixed a critical ChatGPT vulnerability that allows hackers to take over someone else's account, view chat history and access payment information. The mistake was reported to the company by Nagli bughunter and provided a video demonstration.

    The researcher managed to carry out a Web Cache Deception attack. While examining the requests processing the ChatGPT authentication flow, the specialist noticed a GET request that can reveal information about the user: "https://chat.openai.com/api/auth/session"

    Each time you log in to a ChatGPT instance, the application retrieves account information - email, name, image, and Access Token - from the server. It looks like this:

    The expert simulated a situation where a victim receives from an attacker a link to a non-existent resource with a file extension appended to the endpoint: "chat.openai.com/api/auth/session/test.css"

    OpenAI returns sensitive data in JSON after adding "css" file extension. This could be due to a regex error, or simply because the developers didn't take this attack vector into account.

    Next, the specialist changed the response header "CF-Cache-Status" to the value "HIT". This means that the data has been cached and will be returned on the next request to the same address. As a result, the attacker obtains the necessary data to intercept the victim's token.

    Attack pattern:

    • The attacker creates a dedicated ".css" path to the "/api/auth/session" endpoint;
    • The hacker distributes the link (directly to the victim or publicly);
    • The victim follows the link;
    • The response is cached.

    The cybercriminal obtains the JWT (JSON Web Token) credentials and gains full access to the target's account.

    Correction recommendations:

    1. Using a regular expression, instruct the caching server not to intercept the endpoint (OpenAI fixed the bug with this method);
    2. Don't return a private JSON response unless you directly request the desired endpoint:

    - http://chat.openai.com/api/auth/session !=

    - http://chat.openai.com/api/auth/session/test.css

    Author DeepWeb
    how did Telegram become the new cyber scam den?
    How hackers use Tor to steal crypto

    Comments 0

    Add comment