17 lines
2.5 KiB
JSON
{
  "vulnerabilities": [
    {
      "ID": "SSRF-VULN-01",
      "vulnerability_type": "URL_Manipulation",
      "externally_exploitable": true,
      "source_endpoint": "POST /register → GET /oauth/authorize",
      "vulnerable_parameter": "redirect_uris (JSON array in registration request), redirect_uri (query parameter in authorization request)",
      "vulnerable_code_location": "/repos/inou-portal/portal/oauth.go:139 (http.Redirect sink), /repos/inou-portal/portal/mcp_http.go:131 (client registration without validation)",
      "missing_defense": "No redirect URI validation against internal IP ranges (RFC 1918, loopback, link-local), no protocol restriction (plain HTTP allowed), no domain allowlist, unauthenticated dynamic client registration endpoint",
      "exploitation_hypothesis": "An attacker can register an OAuth client whose redirect_uri points at an internal service (the AWS metadata endpoint at 169.254.169.254, the localhost API at 127.0.0.1:8082, or the internal Signal service at 192.168.1.16:8080) or at any host the attacker controls. When the authorization flow completes, the server answers with an HTTP 303 whose Location is that redirect_uri, so the user agent that started the flow (the authorizing user's browser, not the portal) issues the follow-up request with the authorization code in the query string. Against an attacker-controlled host this leaks the code; against an internal target the request only arrives if that browser has network reach to the service (a browser on the portal host for the 127.0.0.1 and localhost targets, or on the internal network for 192.168.1.16), which is what makes the localhost RBAC bypass the practical variant. The cited sink (http.Redirect) only emits the Location header and never connects to the registered URI itself, so this path behaves as an open redirect with code leakage rather than a server-side request, and cloud metadata retrieval through it would require a server-side fetch that the cited code does not perform.",
      "suggested_exploit_technique": "internal_service_access + cloud_metadata_retrieval",
      "confidence": "High",
      "notes": "Complete source-to-sink taint analysis confirmed. The /register endpoint is publicly reachable at https://inou.com without authentication. Registration validation only checks that redirect_uris is non-empty (line 114 of mcp_http.go). The OAuthClientCreate function stores redirect URIs without any validation (db_queries.go:747-767). During authorization the redirect_uri is validated only by exact string match against the registered values (oauth.go:88); exact match is the correct comparison, but it provides no protection here because the attacker controls what was registered. Plain HTTP is explicitly permitted, based on the hardcoded client examples at oauth.go:374-379. High-value internal targets: (1) the AWS metadata service for IAM credentials, (2) the internal API server at 127.0.0.1:8082 with localhost authentication bypass (auth.go:149-161), (3) the Signal RPC service at 192.168.1.16:8080, (4) the DICOM viewer at localhost:8765. Witness payload: register a client with redirect_uri='http://169.254.169.254/latest/meta-data/iam/security-credentials/', then trigger the authorization flow and observe the 303 Location header. Caveat: this witness proves the missing validation, not credential retrieval; the portal emits the redirect and never fetches the URL, so the metadata endpoint would only be reached by a user agent running on the EC2 host itself. Targets (2) and (4) are the ones reachable from an operator's browser on the portal host."
    }
  ]
}
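The registration-time check that the finding reports as missing, written out as an added example; this is not code from the inou-portal repository, and the allowlist host app.example.com, the function names ValidateRedirectURI and MatchesRegistered, and the sample inputs are assumptions constructed for illustration. It enforces the three controls named under missing_defense (https only, no internal or loopback IP literal, host allowlist) and keeps the exact-match comparison the authorization handler already does, so that the match only ever runs over values that passed validation.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// allowedRedirectHosts is a hypothetical allowlist of hostnames that registered
// clients may redirect to; a real deployment would load it from configuration.
var allowedRedirectHosts = map[string]bool{
	"app.example.com": true,
}

// blockedPrefixes covers the ranges the finding lists as unchecked (RFC 1918,
// loopback, link-local) plus their IPv6 counterparts.
var blockedPrefixes = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
	netip.MustParsePrefix("127.0.0.0/8"),
	netip.MustParsePrefix("169.254.0.0/16"),
	netip.MustParsePrefix("::1/128"),
	netip.MustParsePrefix("fc00::/7"),
	netip.MustParsePrefix("fe80::/10"),
}

// ValidateRedirectURI is the registration-time check: https only, no userinfo
// or fragment, no blocked IP literal, and the host must be allowlisted.
// It returns nil when the URI is acceptable.
func ValidateRedirectURI(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("redirect_uri does not parse: %w", err)
	}
	if u.Scheme != "https" {
		return fmt.Errorf("redirect_uri scheme %q not allowed, https required", u.Scheme)
	}
	if u.User != nil {
		return errors.New("redirect_uri must not carry userinfo")
	}
	if strings.Contains(raw, "#") {
		return errors.New("redirect_uri must not contain a fragment (RFC 6749 section 3.1.2)")
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return errors.New("redirect_uri has no host")
	}
	// An IP literal, including the IPv4-mapped IPv6 form [::ffff:127.0.0.1],
	// is checked against the blocked ranges before the allowlist lookup.
	if addr, err := netip.ParseAddr(host); err == nil {
		addr = addr.Unmap()
		for _, p := range blockedPrefixes {
			if p.Contains(addr) {
				return fmt.Errorf("redirect_uri host %s is in blocked range %s", addr, p)
			}
		}
	}
	if !allowedRedirectHosts[host] {
		return fmt.Errorf("redirect_uri host %q is not an allowlisted client host", host)
	}
	return nil
}

// MatchesRegistered is the authorization-time comparison. Exact string match is
// what RFC 6749 asks for and is the right check, but it only protects the flow
// when every registered value already passed ValidateRedirectURI.
func MatchesRegistered(requested string, registered []string) bool {
	for _, r := range registered {
		if r == requested {
			return true
		}
	}
	return false
}

func main() {
	// Constructed inputs mirroring the targets named in the finding.
	for _, uri := range []string{
		"https://app.example.com/cb",
		"http://169.254.169.254/latest/meta-data/iam/security-credentials/",
		"https://127.0.0.1:8082/",
		"https://[::ffff:127.0.0.1]/",
		"https://192.168.1.16:8080/",
		"https://localhost:8765/",
	} {
		fmt.Printf("%-70s -> %v\n", uri, ValidateRedirectURI(uri))
	}
}
```

The IP-range check matters even with an allowlist because it is what a deployment without a fixed allowlist (or one that resolves names before comparing) would rely on; with both in place, "localhost" and "evil.example.net" fall to the allowlist while the metadata and RFC 1918 literals fail with a specific reason.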