| शीर्षक | zevorn rt-claw unreleased post-v0.2.0 (36d128f) Server-Side Request Forgery (CWE-918) |
|---|
| विवरण | # Technical Details
A Server-Side Request Forgery vulnerability exists in the `http_request` AI tool in `claw/services/tools/net.c` of rt-claw.
The application fails to validate destination URLs before performing outbound HTTP requests. When the AI model (or an attacker influencing the model) returns a `tool_use` block naming `http_request` with an attacker-controlled `url`, the tool passes that URL directly into `claw_net_get()` / `claw_net_post()`, which on Linux hands it to libcurl via `CURLOPT_URL` without loopback or private-network filtering. The response body is returned through the tool result, enabling non-blind SSRF with response exfiltration.
# Vulnerable Code
File: claw/services/tools/net.c (lines 447–463)
Method: tool_http_request()
Why: The function reads `url` from the attacker-influenced tool-call JSON and forwards it directly into `claw_net_get()` / `claw_net_post()` with no destination validation. The Linux backend in `osal/linux/claw_net_linux.c` (lines 189–235) passes the unvalidated URL to `curl_easy_setopt(curl, CURLOPT_URL, url)`.
# Reproduction
1. Build rt-claw for Linux with `-Dosal=linux -Dtool_net=true`
2. Start a localhost canary HTTP server on `127.0.0.1` with a `/internal-only` endpoint
3. Start a mock LLM API that returns a `tool_use` response for `http_request` with `url="http://127.0.0.1:<port>/internal-only"`
4. Run the rtclaw binary and send input that triggers the AI chat flow
5. Observe the canary server receives a hit from 127.0.0.1 and the tool result body contains the canary token
6. Run control with no tool call — no localhost request occurs
# Impact
- Attacker can read localhost-only admin/debug endpoints, private RFC1918 services, and cloud metadata endpoints
- Non-blind SSRF: response bodies are returned directly in the tool output channel
- Enables internal network reconnaissance and data exfiltration from services reachable by the device |
|---|
| स्रोत | ⚠️ https://github.com/zevorn/rt-claw/issues/134 |
|---|
| उपयोगकर्ता | Eric-y (UID 95889) |
|---|
| सबमिशन | 12/06/2026 11:37 AM (1 महीना पहले) |
|---|
| संयम | 17/07/2026 06:08 PM (1 month later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 379837 [zevorn rt-claw तक 0.2.0 http_request net.c claw_net_get/claw_net_post url अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|