ChatGPT SSRF Bug Quickly Becomes a Favorite Attack Vector

A critical vulnerability in ChatGPT's pictureproxy.php file has been exploited by threat actors to target numerous US financial and government organizations. The Server-Side Request Forgery (SSRF) flaw, tracked as CVE-2024-27564, has been observed by cybersecurity firm Veriti, which reported over 10K attack attempts in a single week from multiple threat actors.

The vulnerability resides in the insufficient validation of the url parameter, allowing attackers to inject crafted URLs and trigger arbitrary requests. "A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter," reads the advisory.

The flaw stems from a lack of checksumming on the url parameter, so the untrusted value of $_GET['url'] flows directly into the file_get_contents sink. The result is a server-side request forgery: a remote attacker can force the application to make arbitrary requests on the server's behalf.

Veriti researchers observed that 35% of the companies analyzed were unprotected because the Intrusion Prevention System (IPS) in their next-generation firewall (NGFW) or web application firewall (WAF) was misconfigured. The most targeted sectors and regions were government organizations in the US and financial firms in Germany, Thailand, Indonesia, Colombia, and the UK.

"Ignoring medium-severity vulnerabilities is a costly mistake, particularly for high-value financial organizations," concludes the report. "Security teams often prioritize patching only critical and high-severity vulnerabilities. But attackers exploit whatever works, regardless of ranking."

Automated attacks scan for weaknesses, not severity scores, and misconfigurations create easy entry points; even otherwise well-secured systems remain exposed when IPS or WAF rules are set incorrectly.
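The two points above, an unvalidated url parameter reaching a fetch sink and the need for a correctly tuned IPS/WAF rule, can be shown in one added example. The following Python is written for this article and is not code from ChatGPT, from pictureproxy.php (whose source is not on the page) or from Veriti: it contains a URL check that a hardened image proxy would apply before fetching anything, and a small access-log scanner that applies the same check to flag proxy requests an IPS rule should have stopped. The stub resolver, the DNS table, the allowed-port set and the sample log lines are all constructed assumptions.

```python
import ipaddress
import re
import socket
from urllib.parse import urlparse, parse_qs

# The pattern the advisory describes, in PHP, for reference only (never fetched here):
#   $data = file_get_contents($_GET['url']);   // untrusted URL straight into the sink
# The hardened equivalent below validates the URL before any fetch is attempted.

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}   # assumption: an image proxy only needs the web ports


def default_resolver(host):
    """Resolve a hostname to its IP address strings via the system resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _blocked_address(ip):
    """True for any address a public image proxy must never be driven to."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified or not ip.is_global)


def check_fetch_target(url, resolver=default_resolver):
    """Return (ok, reason). ok is True only for a plain http(s) URL on a web port
    whose host resolves exclusively to public unicast addresses."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if not parts.hostname:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    try:
        port = parts.port                      # raises ValueError on a malformed port
    except ValueError:
        return False, "invalid port"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed: %r" % port
    try:
        addresses = [ipaddress.ip_address(parts.hostname)]   # IP literal, v4 or v6
    except ValueError:
        try:
            addresses = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
        except (socket.gaierror, ValueError, OSError):
            return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    for ip in addresses:
        if _blocked_address(ip):
            return False, "resolves to non-public address %s" % ip
    return True, "ok"


def hardened_proxy_target(query_params, resolver=default_resolver):
    """Hardened entry point for a pictureproxy-style handler: returns the URL that
    may be fetched or raises ValueError. The caller should connect to the address
    validated here rather than resolving the name a second time (DNS rebinding)."""
    url = query_params.get("url", [""])[0]
    ok, reason = check_fetch_target(url, resolver)
    if not ok:
        raise ValueError("refusing to proxy %r: %s" % (url, reason))
    return url


# Common-log-format request line: client, timestamp, then "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')


def flag_proxy_requests(log_lines, resolver=default_resolver):
    """Scan access-log lines for pictureproxy.php requests whose url parameter fails
    the same check the hardened proxy applies; returns (client, url, reason) tuples."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        req = urlparse(target)
        if not req.path.endswith("/pictureproxy.php"):
            continue
        url = parse_qs(req.query).get("url", [""])[0]   # parse_qs also percent-decodes
        ok, reason = check_fetch_target(url, resolver)
        if not ok:
            findings.append((client, url, reason))
    return findings


# Constructed sample input: a stub DNS table (93.184.216.34 stands in for a public
# host) and five access-log lines; none of this is observed data.
STUB_DNS = {"img.example.com": ["93.184.216.34"], "intranet.example.com": ["10.20.30.40"]}


def stub_resolver(host):
    return STUB_DNS.get(host, [])


SAMPLE_LOG = [
    '198.51.100.7 - - [01/Apr/2024:10:00:01 +0000] "GET /pictureproxy.php?url=http://img.example.com/a.png HTTP/1.1" 200 5120',
    '198.51.100.8 - - [01/Apr/2024:10:00:02 +0000] "GET /pictureproxy.php?url=http://127.0.0.1/ HTTP/1.1" 200 301',
    '198.51.100.9 - - [01/Apr/2024:10:00:03 +0000] "GET /pictureproxy.php?url=ftp://files.example.com/x HTTP/1.1" 200 1880',
    '198.51.100.9 - - [01/Apr/2024:10:00:04 +0000] "GET /pictureproxy.php?url=http%3A%2F%2Fintranet.example.com%2F HTTP/1.1" 200 777',
    '198.51.100.3 - - [01/Apr/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, url, reason in flag_proxy_requests(SAMPLE_LOG, stub_resolver):
        print("%s requested %r: %s" % (client, url, reason))
```

The scanner deliberately reuses check_fetch_target rather than a separate signature list: a WAF or IPS rule that only matches a fixed string can be bypassed by encoding or by a hostname that resolves internally, whereas classifying the resolved address catches both the literal loopback request and the percent-encoded intranet hostname in the sample log. In production the hardened handler should also cap response size and content type, since the check above only answers where the proxy may connect.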

Awareness is Key

Veriti's report highlights the importance of regular vulnerability assessments and proper configuration of security systems. The SSRF bug in ChatGPT serves as a reminder that even seemingly secure applications can be exploited by clever attackers if not properly patched or configured.

Stay Informed

For the latest updates on this vulnerability, follow Veriti's research team and other cybersecurity experts on Twitter, Facebook, and Mastodon. Stay informed about the latest threats and exploits in the ever-evolving world of cybersecurity.

Watch the Video PoC

Veriti has published a video Proof-of-Concept (PoC) for this flaw, which can be viewed by clicking on the following link: [insert link to video]. This interactive demonstration showcases the potential impact of an SSRF vulnerability and highlights the importance of addressing medium-severity vulnerabilities.