U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

ChatGPT SSRF bug quickly becomes a favorite attack vector

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. Cybersecurity firm Veriti reports that threat actors are exploiting a server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-27564 (CVSS score of 6.5), in ChatGPT to target financial and government organizations in the US. The […]

ChatGPT

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations.

Cybersecurity firm Veriti reports that threat actors are exploiting a server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-27564 (CVSS score of 6.5), in ChatGPT to target financial and government organizations in the US.

The flaw resides in pictureproxy.php and attackers could exploit the issue to inject URLs via the url parameter to trigger arbitrary requests.

“A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.” reads the advisory.

The pictureproxy.php file SSRF vulnerability is due to insufficient validation of the url parameter. Attackers can exploit this by injecting crafted URLs, leading the server to make arbitrary requests via file_get_contents.

“A Server-Side Request Forgery (SSRF) in pictureproxy.php file of [chatgpt](f9f4bbc) allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter. It should be noted that this vulnerability can be triggered without the need for authentication and is therefore more harmful.” reads the original disclosure.

“The vulnerable code is located in the pictureproxy.php file. Because the function does not perform sufficient checksumming on the url parameter, the taint is introduced from the $_GET['url'] variable into the tainted function file_get_contents , and after the file_get_contents function is executed it sends a request to the URL specified by the url parameter, eventually leading to an SSRF vulnerability.” Because the url parameter is unrestricted, it is also possible to use the server side to send requests, such as probing web services.”

Veriti researchers observed over 10K attack attempts in a week from multiple threat actors. 

“Top targeted industry and geo are Government organisations in the US.” reported Veriti “35% of companies analyzed were unprotected due to misconfigured Intrusion Prevention Systems in their NextGenFirewall or WebApplicationFirewall” 

Attacks also targeted financial and healthcare firms in Germany, Thailand, Indonesia, Colombia, and the UK.

“Ignoring medium-severity vulnerabilities is a costly mistake, particularly for high-value financial organizations.” conclude the report. “Security teams often prioritize patching only critical and high-severity vulnerabilities. But attackers exploit whatever works, regardless of ranking. Exploitation trends change: A once-ignored vulnerability can quickly become a favorite attack vector. Automated attacks scan for weaknesses, not severity scores, and misconfigurations create easy entry points, even well secured systems remain vulnerable when IPS or WAF rules are incorrectly set.”

Below is a video PoC for this flaw published by Veriti:

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, SSRF)