My AI Chatbot Got Hacked, Now What?

Horizon3 has a post discussing the NextChat open source chatbot:

https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/

Here is an interesting sentence: “From our research, the most widely deployed standalone Gen AI chatbot is NextChat, a.k.a ChatGPT-Next-Web. This is a GitHub project with 63K+ stars and 52K+ forks. The Shodan query title:NextChat,"ChatGPT Next Web" pulls up 7500+ exposed instances, mostly in China and the US.”

Those instances are exposed to the following vulnerability: a “critical full-read server-side request forgery (SSRF) vulnerability, CVE-2023-49785”.

There are a lot of these chatbots built on open source frameworks. A sample, from the list at https://github.com/JStumpp/awesome-chatbots:

  • spaCy – Python library for advanced natural language processing.
  • Botkit – Open source bot building blocks for Slack, Facebook Messenger, Twilio and Microsoft, with Botkit Studio, a hosted development environment.
  • Claudia Bot Builder – Open source library to create chat bots for FB, Slack, Skype and Telegram and deploy them to AWS Lambda.
  • AIVA – General-purpose virtual assistant for developers.
  • Bottr – Open source bot framework (Node.js).
  • RedBot – A Node-RED plugin to create multi-platform bots visually (Node.js).
  • Botman – An open source framework in PHP.
  • BotPress – An on-prem, open source bot building platform for businesses.
  • Bottender – An open source chatbot framework in Node.js.
  • Rasa Talk – GUI-supported open source chatbot framework built on Rasa.

All of these frameworks are open source. The Horizon3 finding is specific to NextChat, but any of them that exposes a similar server-side endpoint, one that fetches whatever URL the client hands it, is susceptible to the same class of bug described in the Horizon3 post.

Specifically, the vulnerable endpoint is “allowing unauthenticated users to send arbitrary HTTP requests through it.” That means anyone who can reach the chatbot can make its server issue requests on their behalf, and Horizon3 spells out what that buys the attacker:

“If this application is exposed on the Internet, an attacker essentially has full access to any other HTTP resources accessible in the same internal network as the application. The only limitation is passing along other headers such as Cookie or Content-Type, though there may be creative ways to inject these headers.”
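What the fix for that class of bug looks like, as an added example written for this post (it is not NextChat's code and not from the Horizon3 post): the destination check a server-side proxy endpoint should run before it forwards a user-supplied URL. The vulnerable pattern is simply handing the client's URL to a fetch with no check at all. The hardened version below refuses non-HTTP schemes, URLs that carry credentials, IP literals in internal ranges (including the 169.254.169.254 cloud metadata address, however it is encoded) and any host that is not on an allow-list. The allow-list entry dav.example.com and the sample targets are constructed for the demonstration; it runs under Node.js and makes no network connections.

```javascript
// Added example, not NextChat or Horizon3 code: destination validation for a
// server-side HTTP proxy endpoint. Allow-list host and probes are constructed.

// IPv4 ranges an internal proxy must never reach: "this host", loopback,
// RFC 1918, carrier-grade NAT, link-local (which contains the cloud metadata
// address 169.254.169.254) and multicast/reserved space.
function isPrivateIPv4(ip) {
  const o = ip.split(".").map(Number);
  return (
    o[0] === 0 ||
    o[0] === 10 ||
    o[0] === 127 ||
    (o[0] === 100 && o[1] >= 64 && o[1] <= 127) ||
    (o[0] === 169 && o[1] === 254) ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168) ||
    o[0] >= 224
  );
}

// IPv6: unspecified, loopback, link-local fe80::/10, unique-local fc00::/7 and
// IPv4-mapped addresses (::ffff:a.b.c.d), which the URL parser normally
// serialises as hex groups (::ffff:7f00:1 for 127.0.0.1). Both spellings are
// unwrapped and re-checked as IPv4.
function isPrivateIPv6(ip) {
  const a = ip.toLowerCase();
  if (a === "::" || a === "::1") return true;
  if (/^fe[89ab]/.test(a) || /^f[cd]/.test(a)) return true;
  const dotted = a.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
  if (dotted) return isPrivateIPv4(dotted[1]);
  const hex = a.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (hex) {
    const hi = parseInt(hex[1], 16);
    const lo = parseInt(hex[2], 16);
    return isPrivateIPv4([hi >> 8, hi & 255, lo >> 8, lo & 255].join("."));
  }
  return false;
}

// The hardened check. The vulnerable pattern is fetch(new URL(raw)) with no
// check at all; this returns { ok, reason } so rejections can be logged and
// only ok results are forwarded.
function validateProxyTarget(raw, allowedHosts) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  // "https://dav.example.com@10.0.0.5/" puts the trusted name in the userinfo,
  // not the host. Refuse credentials outright instead of reasoning about them.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials in URL" };
  }
  // The WHATWG parser has already turned 2130706433, 0x7f000001 and 127.1 into
  // 127.0.0.1 and bracketed/compressed any IPv6 literal, so one spelling of
  // each address is all that has to be checked.
  const host = url.hostname.replace(/^\[(.*)\]$/, "$1");
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host) && isPrivateIPv4(host)) {
    return { ok: false, reason: `private IPv4 literal ${host}` };
  }
  if (host.includes(":") && isPrivateIPv6(host)) {
    return { ok: false, reason: `private IPv6 literal ${host}` };
  }
  // Names such as localhost or db.internal are only caught here. The allow-list
  // is the real control; the literal checks above are defence in depth against
  // a mis-configured list.
  if (!allowedHosts.includes(host)) {
    return { ok: false, reason: `host ${host} not in allow-list` };
  }
  return { ok: true, reason: "", url: url.href };
}

// Constructed probes, the kind an attacker sends to an open proxy endpoint.
const ALLOWED_HOSTS = ["dav.example.com"];
const SAMPLE_TARGETS = [
  "https://dav.example.com/remote.php/dav/", // legitimate sync server
  "http://169.254.169.254/latest/meta-data/iam/security-credentials/", // cloud metadata
  "http://2130706433/", // 127.0.0.1 written as a decimal integer
  "http://0x7f000001:2375/containers/json", // hex loopback, Docker API port
  "http://[::ffff:127.0.0.1]/", // IPv4-mapped IPv6 loopback
  "http://localhost:9200/_cat/indices", // name-based internal host
  "https://dav.example.com@10.0.0.5/", // trusted name hidden in userinfo
  "ftp://dav.example.com/", // wrong scheme
];

function screenTargets(targets = SAMPLE_TARGETS, allowed = ALLOWED_HOSTS) {
  return targets.map((t) => ({ target: t, ...validateProxyTarget(t, allowed) }));
}

for (const r of screenTargets()) {
  console.log(r.ok ? "FORWARD" : "REJECT ", r.target, r.reason);
}
```

Two caveats go with this. Allow-listing hostnames means trusting wherever those names resolve; if an endpoint really must accept arbitrary hostnames, resolve the name first, run the same range checks on every address returned, and connect to the checked address rather than re-resolving the name, otherwise a DNS answer that changes between check and connect gets past the filter. And the check above addresses the "arbitrary HTTP requests" half of the Horizon3 quote only: the endpoint still needs authentication in front of it, and it should forward none of the caller's own headers such as Cookie or Authorization to the destination.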

This is very bad: an attacker will use the SSRF to enumerate internal services and pull data out of them, and to try to take over machines. In a cloud deployment such as AWS the usual first target is the instance metadata service, which can hand back the credentials of the role the instance runs under.

If one system on your network is weak and exposed, it can be the gateway to a disaster for the whole environment.

It is high time you spent more on testing, and on reviewing what is actually running on your network. An SSRF (Server-Side Request Forgery) vulnerability is too dangerous to leave exposed.

Buy my book to get started on defense if you have not started yet, or to get more information. From my publisher link.

On my Fixvirus website: free shipping for the first 10 books ordered.