Comment by bflesch
1 day ago
The code in the github repo has some errors to prevent script kiddies from directly copy/pasting it.
Obviously the proof-of-concept shared with OpenAI/BugCrowd didn't have such errors.
1 day ago
The code in the github repo has some errors to prevent script kiddies from directly copy/pasting it.
Obviously the proof-of-concept shared with OpenAI/BugCrowd didn't have such errors.
Ah ok, thanks, that makes sense.
Btw the ChatGPT Web App (haven’t tested with the Desktop App) can find info from local/private sites with the search tool, i assume they browse with a client side function.
Yeah I first wanted to use this bug to scan their IP ranges and figure out their internal network (e.g. make requests to 10.0.0.1, 10.0.0.2, and so on). But then I realized that it will hallucinate an answer for every IP it is given :)
So it would just come up with titles of random router admin panel websites.