springboot-openai-chatgpt Improper Access Control

Introduction

In the springboot-openai-chatgpt web application, any user can delete another user’s chat history.

Proof of Concept (POC)

Figures 1 and 2 show two different users with different access tokens: the "victim" and the "attacker". The attacker sends a delete request to the following API, supplying the victim's chatListId:

/api/mjkj-chat/chat/ai/delete/chat?chatListId=${chatListId}

The victim's chat history identified by ${chatListId} is deleted, even though the request was authenticated with the attacker's token.

Figure 2

The implementation of the delete method in the springboot-openai-chatgpt application is shown in the code snippet below.

Code Example
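As an added illustration (this is not the springboot-openai-chatgpt code itself), the pattern behind the finding and a hardened variant in plain Java; the class and method names (ChatList, ChatRepository, deleteChatInsecure, deleteChatSecure) are assumptions, and the sample data is constructed:

```java
// Added example, not the project's code. Class and method names are assumptions.
import java.util.HashMap;
import java.util.Map;

public class ChatDeleteExample {
    record ChatList(long id, long ownerId) {}

    static class ChatRepository {
        private final Map<Long, ChatList> store = new HashMap<>();
        void save(ChatList c) { store.put(c.id(), c); }
        boolean exists(long id) { return store.containsKey(id); }
        void deleteById(long id) { store.remove(id); }
        // Scoped delete: the owner is part of the lookup, so a row the caller
        // does not own is simply not found. Returns the number of rows removed.
        int deleteByIdAndOwnerId(long id, long ownerId) {
            ChatList c = store.get(id);
            if (c == null || c.ownerId() != ownerId) return 0;
            store.remove(id);
            return 1;
        }
    }

    // Insecure pattern: chatListId comes straight from the query string and is
    // deleted without checking that it belongs to the authenticated caller.
    // callerId is accepted but never consulted, which is the defect.
    static boolean deleteChatInsecure(ChatRepository repo, long callerId, long chatListId) {
        boolean existed = repo.exists(chatListId);
        repo.deleteById(chatListId);
        return existed;
    }

    // Hardened pattern: the caller's id (taken from the session or token, never
    // from the request parameters) scopes the delete. A not-owned id and a
    // non-existent id look the same to the caller, which also limits id probing.
    static boolean deleteChatSecure(ChatRepository repo, long callerId, long chatListId) {
        return repo.deleteByIdAndOwnerId(chatListId, callerId) == 1;
    }

    public static void main(String[] args) {
        ChatRepository repo = new ChatRepository();
        repo.save(new ChatList(100L, 1L)); // constructed sample: chat 100 belongs to user 1
        long attacker = 2L;
        System.out.println("insecure, cross-user delete succeeded: " + deleteChatInsecure(repo, attacker, 100L));
        repo.save(new ChatList(100L, 1L)); // restore the sample row
        System.out.println("secure, cross-user delete succeeded:   " + deleteChatSecure(repo, attacker, 100L));
        System.out.println("secure, owner delete succeeded:        " + deleteChatSecure(repo, 1L, 100L));
    }
}
```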

Result

The delete endpoint does not tie the supplied chatListId to the authenticated user, so in the springboot-openai-chatgpt web application any user can delete another user's chat history.

Posted 2025-02-23 15:24 by Aibot