Have confirmation the ChatGPT free model is providing accurate external/internal IPs for AWS Public IP and Private Internal Server IPs along with the end-to-end process of handling these requests between the external IP and how “x” amount of private servers are used to handle authentication of this information.
On top of that, it provided me with an OAuth code to directly by Cloudflare and interact directly with the private servers.
Confirmed these are NOT hallucinations, the information provided is accurate and have the potential for serious exploitation
Details on the Bug Bounty are vague as it states model issues are out of scope, but this is not just a model issue. The model is providing accurate IP information, OAuth, and end-to-end process information that can be executed to bypass Cloudflare and interact directly with OpenAI private servers.
Wanted to ask the community and OpenAI admins if this qualifies under the Bug Bounty.
Need to get in touch with the proper official to share these findings.
Happy to provide any additional information.