Today, I want to share how I discovered a web vulnerabilities in AI chat bot ,I came across a target let's call it example.com which featured an interactive chatbot with an image upload functionality. The chatbot allowed users to upload images and then generated a unique URL for the uploaded file.

This is a key point of interest for any pentester: a feature that accepts and processes user input. I began by testing the basic functionality, attempting to upload different file types to see how the service would handle them

First I tried to to upload a PHP web shell failed, as expected. The service was configured to prevent the execution of malicious scripts, then I shifted my focus to the SVG file format. An SVG file is essentially an XML document, which can contain JavaScript. I crafted a simple SVG file with a basic XSS payload and uploaded it. The service accepted the file, generated a URL, and when I clicked the link, the JavaScript payload executed successfully. This confirmed a XSS vulnerability

None

I notice that when you take the link and intercept the request, the file has been cached that make Web Cache Poisoning attack and the XSS become stored , if anyone access the link it will give him alert

None
None

But the journey didn't stop there. I decided to test a more dangerous payload. If the SVG file execute arbitrary JavaScript , could make open redirect , I made svg file include this code :

<svg xmlns="http://www.w3.org/2000/svg" onload="window.location.href='http://evil.com"> </svg>

I upload the file and the chat bot cached it ,This was a unique finding. Unlike a traditional open redirect (example.com/redirect.php?url=evil.com), the malicious domain was hidden. The URL looked completely normal to the user (https://xyz.example.com/file/anthing/1234-asda789-asd456.svg), which makes it extremely useful for phishing attacks, If the victim access to the url it will immediately redirect him to evil.com .

Conclusion

This finding proves that a chatbot, a feature often considered low-risk, can be a valuable target for a pentester. It serves as a strong reminder that we must always look beyond the obvious and investigate every component of an application, no matter how small or insignificant it may seem.

thanks for reading

ومتنساش تصلي علي النبي محمد ﷺ