binary-husky/gpt_academic
cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*
- git 679352d
A path traversal vulnerability has been identified in Binary-Husky GPT Academic, specifically in commit 679352d. This vulnerability allows attackers to bypass the application's blocked_paths protection and access the config.py file, which contains sensitive information such as the OpenAI API key. The issue is exploitable on Windows operating systems by sending a request to a specific URL that includes the absolute path of the project.
Exploitation of this vulnerability allows for unauthorized access to sensitive information in the config.py file, including the OpenAI API key.
To reproduce this vulnerability, first determine the absolute path of the GPT Academic project. This can be done by using the application normally, as the path will be revealed in the process. Once the absolute path is known, send a request to the application that includes the path to the config.py file, appending '::$DATA' to the filename. This request will bypass the blocked_paths protection and return the contents of the config.py file, which includes sensitive information such as the OpenAI API key.
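The bypass works because on NTFS the name 'config.py::$DATA' refers to the default data stream of config.py, so it opens the same content while no longer matching a block-list entry for 'config.py' as a string. The following Python sketch is an added example, not the project's own code: it models a string-based block list (an assumption about how such a check behaves) next to a stricter check that rejects stream syntax before comparing. PROJECT_ROOT, BLOCKED and all function names are hypothetical, and the paths are constructed sample values.

```python
import ntpath  # Windows path semantics, usable on any OS

# Constructed sample values: hypothetical install path and block list.
PROJECT_ROOT = r"C:\apps\gpt_academic"
BLOCKED = [ntpath.join(PROJECT_ROOT, "config.py")]


def _norm(path):
    # Collapse separators and "..", then fold case and slashes.
    return ntpath.normcase(ntpath.normpath(path))


def naive_is_blocked(path):
    """Simplified model of a string-based block list (assumption):
    matches a blocked file exactly, or anything beneath a blocked dir."""
    p = _norm(path)
    return any(p == _norm(b) or p.startswith(_norm(b) + "\\") for b in BLOCKED)


def has_stream_syntax(path):
    """True if ':' appears anywhere after the drive letter, which is how
    NTFS stream references such as '::$DATA' are written."""
    _drive, rest = ntpath.splitdrive(path)
    return ":" in rest


def classify(path):
    """Hardened decision: refuse stream syntax first, then apply the
    block list to the normalised path."""
    if has_stream_syntax(path):
        return "deny: stream syntax"
    if naive_is_blocked(path):
        return "deny: blocked path"
    return "allow"


def strict_is_blocked(path):
    return classify(path) != "allow"


if __name__ == "__main__":
    for candidate in (
        BLOCKED[0],
        BLOCKED[0] + "::$DATA",
        ntpath.join(PROJECT_ROOT, "docs", "readme.md"),
    ):
        print(f"{candidate!r}: naive={naive_is_blocked(candidate)} "
              f"strict={classify(candidate)}")
```

Rejecting the colon outright is safer than trying to strip the suffix, since a legitimate file request never needs stream syntax.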