Indonesia – SECRY – Using CHAT GPT to Find Vulnerability: Medium article share story of an bug hunter that shares an insightful journey involving ChatGPT’s contribution to discovering a critical bug. The narrative delves into the bug hunter’s approach, toolset, challenges faced, and the breakthrough that led to a substantial reward.
How the Hunter Starting the Hunt
The bug hunter began the hacking venture, keeping confidentiality in mind for the private program. The target, he named redacted.com, was thoroughly examined.
Initial steps included understanding the target’s functions, parameters, pages, and inspecting JavaScript code for potential sensitive data. Two key tools were used: Gospider, downloadable via “apt install gospider,” and Katana, a tool from Project Discovery.
Finding Hidden Paths API
Next, using these tools led to discovering several hidden paths, including `/api/REDACTED/upload.php`.
This caught his interest, and he scoured the application for a file upload feature linked to the API path. Even though this feature wasn’t visible in the application’s interface, he could still access the API request path—an important oversight.
Using ChatGPT‘s To Help
After recognizing the bug’s potential, the bug hunter decided to exploit it by crafting an upload request manually. Not being an expert in creating such requests, he turned to ChatGPT for help.
Then The AI’s guidance led to successfully creating a prototype Burp request for file upload. He made minor adjustments to match the request with the target’s details.
Exploring the Impact Method
After a successful upload, he faced a problem—the uploaded files didn’t execute payloads as expected. Despite trying different file extensions, the desired impact wasn’t achieved. He used Burp Intruder, a tool, to systematically explore allowed file types. He found out that only PDF files were permitted.
Although he almost considered giving up, the bug hunter resumed his research, working with ChatGPT to explore XSS vulnerabilities using PDF file uploads. Links shared by ChatGPT:
- https://portswigger.net/research/portable-data-exfiltration) and
- https://huntr.dev/bounties/f66d33df-6588-4ab4-80a0-847451517944/
The link above provided insights into injecting JavaScript code within PDF files.
The Bug Hunter SUCCESS got XSS via PDF Upload
After his persistence paid off as he successfully injected XSS payloads into a manipulated PDF file. When he submitted this altered payload to the target, an alert appeared on the file path, confirming the successful XSS execution.
Reporting the Bug and get USD 200
Finally, equipped with his discovery, he promptly reported the bug to the company. While the executed file remained on a different domain, limiting direct impact on the target, the main concern was the application’s vulnerability to arbitrary file uploads. His efforts were rewarded with a $200 bounty.
The Takeaway
This story highlights the collaboration between bug hunters and AI. It emphasizes the importance of ongoing research and experimentation. Readers gain a fresh perspective on cross-site scripting, adding to their toolkit for future hunting and penetration testing.
Link to read full write up: https://abhishekgk.medium.com/how-chatgpt-helped-me-find-a-bug-b5a3795c722
