Note that ChatGPT indeed implemented a state parameter, but their state was not a random value, and therefore could be guessed by the attacker.
Bruh wut, rookie mistake.
State is supposed to be mathematically random and should expire fairly quickly.
I always have used a random guid that expires after 10-15 minutes for state, if they try and complete the oauth with an expired state value I reject ad ask them to try again.
Also yeah the redirect uri trick is common, that’s why oath apis must always have a “whitelist urls” functionality. And not just domain, the whole url.
That’s why when you make a Google api token you gotta specify what urls it’s valid for explicitly. That way any other different redirect uri gets rejected, to prevent an injection attack from a third party providing their own different redirect uri to a victim.
Oath is pretty explicit about all these things in its spec. It really sucks people treat it as optional “not important” factors.
It’s important. Do it. Always.
deleted by creator
I still love how stupid ‘hacking’ these things are. Like the poem shit. Thats the future. Tell a bot to say something a bunch of times and it spits out someone’s address.
Not related to the article at all mate.
This article is about how many plugins have Bern discovered to have implemented oath in a very insecure way and simply using them can expose your sensitive info you have linked to your chatgpt account.
IE:
-
You connect your github account to your chatgpt account (so you can ask chatgpt questions about your private codebase)
-
You install and use one of many other compromisable weakly implemented plugins
-
Attacker uses the weak plugin to compromise your whole account and can now access anything you attached to your account, IE they can now access your private git repos you hooked up in step 1…
Most of the attack vectors involve a basic (hard to notice) phish attack on weak oath urls.
The tricky part is the urls truly are and look legit. It isn’t a fake url, it actually links to the legit page, but they added some query params (the part after the ? In the url) that compromise the way it behaves
-