CVE-2024-6035
📋 TL;DR
A stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows attackers to inject malicious JavaScript into chat history files. When victims upload these files, the script executes in their browsers, potentially stealing data or hijacking sessions. Users of this specific version are affected.
💻 Affected Systems
- gaizhenbiao/chuanhuchatgpt
📦 What is this software?
Chuanhuchatgpt by Gaizhenbiao
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover, sensitive data exfiltration, malware deployment across user systems, and credential theft leading to broader network compromise.
Likely Case
Session hijacking allowing unauthorized access to chat sessions, theft of personal data from chat histories, and potential phishing attacks against other users.
If Mitigated
Limited impact with proper input validation and output encoding, potentially only affecting individual user sessions without lateral movement.
🎯 Exploit Status
Exploitation requires social engineering to trick users into uploading malicious files; proof-of-concept available in public bounty reports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Later than 20240410
Vendor Advisory: https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987
Restart Required: No
Instructions:
1. Update to latest version from GitHub repository. 2. Verify chat history file upload functionality has proper input sanitization. 3. Test with known safe files to confirm fix.
🔧 Temporary Workarounds
Disable chat history file upload
allTemporarily disable the vulnerable file upload feature until patching is complete.
Modify application configuration to remove file upload functionality
Implement file type restrictions
allRestrict uploads to specific safe file types (e.g., plain text only) to prevent script execution.
Configure web server or application to reject non-text file uploads
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to block inline script execution
- Deploy WAF rules to detect and block XSS payloads in file uploads
🔍 How to Verify
Check if Vulnerable:
Check if running version 20240410 of gaizhenbiao/chuanhuchatgpt and test file upload with basic XSS payloads.Check Version:
Check application version in configuration files or via package manager (e.g., pip show chuanhuchatgpt)Verify Fix Applied:
Test file upload functionality with XSS payloads after update; payloads should be sanitized or blocked.📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads with JavaScript content
- Multiple failed upload attempts with suspicious filenames
Network Indicators:
- HTTP requests containing script tags in file upload parameters
- Unexpected external connections from user browsers after file uploads
SIEM Query:
source="web_server" AND (method="POST" AND uri="*/upload*" AND (body="<script>" OR body="javascript:"))