Perplexity AI GPT-4 Information Disclosure Vulnerability via GET Parameter

Vulnerability

A vulnerability in Perplexity AI's GPT-4 web application, specifically in version 2.51.0, allows remote attackers to access sensitive information through a GET parameter. This issue arises because chat tokens are included in the URL without proper authentication or expiration controls, enabling unauthorized access to full chat histories. The vulnerability can be exploited by anyone who captures a shared URL with its token, bypassing authentication requirements.
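
One way to add the missing authentication and expiration controls, as an added example (not Perplexity's code and not part of the original advisory): a chat is returned only to the owner's authenticated session or to the holder of an owner-issued share token that expires and can be revoked. The store layout and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Constructed in-memory stores standing in for a database (hypothetical schema).
CHATS = {}         # chat_id -> {"owner": user_id, "messages": [...]}
SHARE_GRANTS = {}  # sha256(token) -> {"chat_id": ..., "expires_at": epoch seconds}


def _digest(token):
    # Keep only a hash server-side so a leaked grants table yields no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def create_share_link(chat_id, requester, ttl_seconds=3600, now=None):
    """Sharing is an explicit owner action; the token is random and time-limited."""
    now = time.time() if now is None else now
    if CHATS[chat_id]["owner"] != requester:
        raise PermissionError("only the owner may share a chat")
    token = secrets.token_urlsafe(32)
    SHARE_GRANTS[_digest(token)] = {"chat_id": chat_id, "expires_at": now + ttl_seconds}
    return token


def revoke_share_links(chat_id, requester):
    """Let the owner invalidate every outstanding link for a chat."""
    if CHATS[chat_id]["owner"] != requester:
        raise PermissionError("only the owner may revoke links")
    for digest in [d for d, g in SHARE_GRANTS.items() if g["chat_id"] == chat_id]:
        del SHARE_GRANTS[digest]


def read_chat(chat_id, session_user=None, share_token=None, now=None):
    """Return messages only to the owner's session or a live, matching grant."""
    now = time.time() if now is None else now
    chat = CHATS.get(chat_id)
    if chat is None:
        raise PermissionError("not authorized for this chat")  # no existence oracle
    if session_user is not None and session_user == chat["owner"]:
        return chat["messages"]
    if share_token is not None:
        grant = SHARE_GRANTS.get(_digest(share_token))
        if grant and grant["chat_id"] == chat_id and now < grant["expires_at"]:
            return chat["messages"]
    raise PermissionError("not authorized for this chat")
```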

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive chatbot content, such as legal, medical, or financial inquiries, personally identifiable information (PII), and corporate or proprietary data. This creates a significant privacy breach, especially if the information is shared unknowingly, and poses risks to regulatory compliance, including violations of GDPR and CCPA.

Reproduction

To reproduce this vulnerability, log into a Perplexity AI account or use the service as a guest. Obtain a chat token from another user, either through a shared link or reconnaissance. Then, paste the token into a modified URL that directs to the Perplexity AI search endpoint. Open this link in incognito mode, and the chat history of the other user will be accessible without any authentication.

Added: Sep 17, 2025, 2:21 PM
Updated: Sep 17, 2025, 4:58 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.