With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I'll walk you through my discovery of two cross-site scripting (XSS) vulnerabilities in ChatGPT and a few other vulnerabilities. When chained together, these could lead to account takeover. Digging into ChatGPT My journey began with examining ChatGPT's tech stack. The use of NextJS, a popular React framework, initially made me skeptical about finding an XSS vulnerability. However, as I explored its functionalities and client-side code, I noticed something that changed my mind. The Initial Discovery ChatGPT lets users upload files and ask questions about them. When answering, ChatGPT may quote these files and include a clickable citation icon that takes you back to the original file or website for reference. Figure 1: Vulnerable Code The code above handles the citation click event. It processes the file's content into a blob, which is then opened with the window.open function. Depending on the file content type, this method could potentially be a security risk. I tested this by uploading an HTML file with text and JavaScript. ChatGPT processed it and provided a citation. When I clicked on the citation, the HTML content displayed on my screen via a blob URL, but a Content Security Policy (CSP) violation blocked my JavaScript payload. Bypassing CSP Figure 2: ChatGPT CSP Policy Investigating the CSP policy, I noticed…Read More