id: chatgpt-web-unauth info: name: ChatGPT Web - Unauthorized Access author: SleepingBag945 severity: high description: ChatGPT Web is exposed. metadata: verified: true max-request: 1 fofa-query: app="Chatgpt-web" tags: chatgpt,unauth,misconfig http: - raw: - | POST /api/session HTTP/1.1 Host: {{Hostname}} Content-Type: application/json {} matchers-condition: and matchers: - type: word part: body words: - '"status":"Success"' - '"auth":false' - 'ChatGPTAPI' condition: and - type: word part: header words: - "application/json" - type: status status: - 200 # digest: 4a0a004730450221009335765c3a461281c6686e5525ef4df6ad033b509221998c003f467783efccbe022002fed2ad57b70a38346af4229f8309b5d16a21de09c245e1af3638f9d0086475:922c64590222798bb761d5b6d8e72950