XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT

With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information.
In this blog post, I'll walk you through my discovery of two cross-site scripting vulnerabilities in ChatGPT and a few other vulnerabilities.
Digging into ChatGPT. My journey began with examining ChatGPT's tech stack.
ChatGPT lets users upload files and ask questions about them.
When answering, ChatGPT may quote these files and include a clickable citation icon that takes you back to the original file or website for reference.
It requires the user to upload a harmful file and engage in a way that prompts ChatGPT to quote from this file.
The user needs to click the citation to trigger the XSS. I looked into ChatGPT's feature for sharing conversations as a possible way to make this exploit shareable.
Files uploaded in a ChatGPT conversation are accessible only to the account that uploaded them.
Attempts to access these files from another account resulted in a 404 error.
Through my exploration, I discovered that when a GPT is set to public, it enables any account to access and download these knowledge files, as long as they have the necessary information - specifically, the GPT ID and the associated file ID. I've considered this a Broken Function Level Authorization bug since it allows any ChatGPT user to download public GPT knowledge files.
If I can make the shared conversation request a public file instead of the original uploaded file, it could make the XSS vulnerability exploitable.
To my surprise, ChatGPT accepted this change and continued generating responses as if they were from the assistant.
In this context, I could use input data to manipulate aspects of the ChatGPT application - specifically, the citation metadata - in ways that should ordinarily be off-limits to a regular user.
I created and shared a conversation, and when tested with another ChatGPT account, clicking any citation in the conversation downloaded the knowledge file from my public GPT, which triggered the XSS. I reported this vulnerability to OpenAI. They responded by removing the blob creation and altering the logic to open the download URL directly.
I then broadened my investigation by examining additional functionalities related to how ChatGPT handles the rendering of citations from websites.
ChatGPT allows its interface to be embedded in other websites using an `iframe.
In my proof of concept, I embedded the shared ChatGPT conversation within an `iframe` and used CSS to position it so that any click would inadvertently trigger the citation link.
In our scenario, when a user visited our malicious site that embedded an iframe linking to our ChatGPT shared conversation, these measures would block access to the ChatGPT session cookie and LocalStorage, effectively logging them out of their account within the iframe.
Openai.com, was considered a same-origin request, thus not subject to the typical cross-origin restrictions, enabling the takeover of any ChatGPT account.
It's rewarding to know that our efforts have made ChatGPT more secure for all its users.


This Cyber News was published on www.imperva.com. Publication date: Mon, 19 Feb 2024 14:43:06 +0000


Cyber News related to XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT

XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT - With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I'll walk you through my discovery of two cross-site scripting vulnerabilities in ...
8 months ago Imperva.com
How enterprises are using gen AI to protect against ChatGPT leaks - ChatGPT is the new DNA of shadow IT, exposing organizations to new risks no one anticipated. Enterprise workers are gaining a 40% performance boost thanks to ChatGPT based on a recent Harvard University study. A second study from MIT discovered that ...
9 months ago Venturebeat.com
How Are Security Professionals Managing the Good, The Bad and The Ugly of ChatGPT? - ChatGPT has emerged as a shining light in this regard. Already we're seeing the platform being integrated into corporate systems, supporting in areas such as customer success or technical support. The bad: The risks surrounding ChatGPT. Of course, ...
10 months ago Cyberdefensemagazine.com
ChatGPT Extensions Could be Exploited to Steal Data and Sensitive Information - API security professionals Salt Security have released new threat research from Salt Labs highlighting critical security flaws within ChatGPT plugins, presenting a new risk for enterprises. Plugins provide AI chatbots like ChatGPT access and ...
7 months ago Itsecurityguru.org
Google to Announce Chat-GPT Rival On February 8 Event - There seems to be a lot of consternation on Google's part at the prospect of a showdown with ChatGPT on the February 8 event. The search giant has been making moves that suggest it is preparing to enter the market for large language models, where ...
1 year ago Cybersecuritynews.com
Google Researchers' Attack Prompts ChatGPT to Reveal Its Training Data - A team of researchers primarily from Google's DeepMind systematically convinced ChatGPT to reveal snippets of the data it was trained on using a new type of attack prompt which asked a production model of the chatbot to repeat specific words forever. ...
11 months ago 404media.co
ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store - On Android devices, one of the apps analyzed by researchers has more than 100,000 downloads, tracks, and shares location data with ByteDance and Amazon, etc. ChatGPT, the AI software, has already taken the Internet by storm, and that is why ...
1 year ago Hackread.com
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
11 months ago Darkreading.com
Are you sure you want to share that with ChatGPT? How Metomic helps stop data leaks - Open AI's ChatGPT is one of the most powerful tools to come along in a lifetime, set to revolutionize the way many of us work. Workers aren't content to wait until organizations work this question out, however: Many are already using ChatGPT and ...
9 months ago Venturebeat.com
Foreign states already using ChatGPT maliciously, UK IT leaders believe - Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. That's according to a new study from BlackBerry, which surveyed 500 UK IT decision makers revealing that, while 60% of ...
1 year ago Csoonline.com
Locking Down ChatGPT: A User's Guide to Strengthening Account Security - OpenAI officials said that the user who reported his ChatGPT history was a victim of a compromised ChatGPT account, which resulted in the unauthorized logins. OpenAI has confirmed that the unauthorized logins originate from Sri Lanka, according to an ...
9 months ago Cysecurity.news
The Emergence of AI In the Enterprise: Know the Security Risks - As is often the case with any new, emerging technology, using AI comes with security risks, and it's essential to understand them and impose the proper guardrails around them to protect company, customer, and employee data. There are real, tangible ...
10 months ago Cyberdefensemagazine.com
Hangzhou's Cybersecurity Breakthrough: How ChatGPT Elevated Ransomware Resolution - The Chinese media reported on Thursday that local police have arrested a criminal gang from Hangzhou who are using ChatGPT for program optimization to carry out ransomware attacks for the purpose of extortion. An organization in the Shangcheng ...
10 months ago Cysecurity.news
Smashing Security podcast #307: ChatGPT and the Minister for Foreign Affairs Graham Cluley - Could a senior Latvian politician really be responsible for scamming hundreds of "Mothers-of-two" in the UK? And should we be getting worried about the AI wonder that is ChatGPT? All this and more is discussed in the latest edition of the "Smashing ...
1 year ago Grahamcluley.com
One Year of ChatGPT: Domains Evolved by Generative AI - ChatGPT has recently completed one year after its official launch. Since it introduced the world to the future, by showing what a human-AI interaction looks like, ChatGPT has eventually transformed the entire tech realm into a cultural phenomenon. ...
11 months ago Cysecurity.news
OpenAI rolls out imperfect fix for ChatGPT data leak flaw - OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. According to the researcher who discovered the flaw, the mitigation isn't perfect, so attackers can still exploit it under ...
10 months ago Bleepingcomputer.com
ChatGPT 4 can exploit 87% of one-day vulnerabilities - Since the widespread and growing use of ChatGPT and other large language models in recent years, cybersecurity has been a top concern. ChatGPT 4 quickly exploited one-day vulnerabilities. During the study, the team used 15 one-day vulnerabilities ...
4 months ago Securityintelligence.com
Google DeepMind Researchers Uncover ChatGPT Vulnerabilities - Scientists at Google DeepMind, leading a research team, have adeptly utilized a cunning approach to uncover phone numbers and email addresses via OpenAI's ChatGPT, according to a report from 404 Media. This discovery prompts apprehensions regarding ...
10 months ago Cysecurity.news
Google Researchers Find ChatGPT Queries Collect Personal Data - The LLMs are evolving rapidly with continuous advancements in their research and applications. Recently, cybersecurity researchers at Google discovered how threat actors can exploit ChatGPT queries to collect personal data. StorageGuard scans, ...
11 months ago Cybersecuritynews.com
OpenAI blocks state-sponsored hackers from using ChatGPT - OpenAI has removed accounts used by state-sponsored threat groups from Iran, North Korea, China, and Russia, that were abusing its artificial intelligence chatbot, ChatGPT. The AI research organization took action against specific accounts associated ...
8 months ago Bleepingcomputer.com
Microsoft AI ChatGPT going rogue or experiencing seasonal depression - It's common knowledge that Microsoft now owns ChatGPT, the conversational chatbot developed by OpenAI. However, readers of Cybersecurity Insiders are now encountering an unexpected twist in the narrative - ChatGPT seems to be refusing commands from ...
10 months ago Cybersecurity-insiders.com
Chinese authorities arrest four in ransomware case involving ChatGPT - Four alleged cyberattackers have been arrested in mainland China for developing ransomware with the help of ChatGPT, the first case of its sort in the country. The South China Morning Post reported Friday that the suspects were arrested in November ...
10 months ago Siliconangle.com
OpenAIS ChatGPT is a Polymorphic Malware: How to Protect Yourself - Internet security is an important concern in the modern digital age. With the emergence of new threats such as ransomware, Trojans, and sophisticated variants of Polymorphic Malware, it is essential that users take the necessary steps to protect ...
1 year ago Hackread.com
Brazilian City Passes Law Drafted By ChatGPT - Brazilian city passes law that, unknown to most of council, was drafted in 15 seconds by OpenAI's ChatGPT chatbot. A city in southern Brazil has passed a law written in 15 seconds in its entirety by OpenAI's ChatGPT artificial intelligence chatbot. ...
11 months ago Silicon.co.uk
Why I Chose Google Bard to Help Write Security Policies - COMMENTARY. Ever since large language models like ChatGPT burst onto the scene a year ago, there have been a flurry of use cases for leveraging them in enterprise security environments. From the operational, such as analyzing logs, to assisting ...
10 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)