Submission #791084: SuperAGI up to c3c1982 Server-Side Request Forgery (CWE-918)

Title: SuperAGI up to c3c1982 Server-Side Request Forgery (CWE-918)
Description:

# Technical Details

A Server-Side Request Forgery (SSRF) vulnerability exists in the `extract_with_bs4` method in `superagi/helper/webpage_extractor.py` of SuperAGI. The application fails to validate or restrict the URL passed to `requests.get()` by the WebScraperTool, allowing any authenticated user to make the server perform HTTP requests to arbitrary internal or external hosts.

# Vulnerable Code

- File: superagi/helper/webpage_extractor.py (line 101)
- Method: extract_with_bs4, extract_with_3k (line 50/63), extract_with_lxml (line 144)
- Why: The URL from agent goals is passed directly to `requests.get(url, headers=headers, timeout=10)` with no validation of URL scheme, target hostname/IP (no blocklist for private ranges like 127.0.0.0/8, x.x.x.x), or redirect destinations. The response content is returned to the attacker through the execution feed API, making this a full (non-blind) SSRF.

# Reproduction

1. Create an agent with WebScraperTool and goal: "Fetch content from http://x.x.x.x/latest/meta-data/"
2. Trigger the agent: PUT /agentexecutions/update/{id} with {"status": "RUNNING"}
3. Wait for execution and read results: GET /agentexecutionfeeds/get/execution/{id}
4. The internal response content is returned in the execution feed.

# Impact

- Cloud Credential Theft: Fetches IAM credentials from AWS metadata endpoint (http://x.x.x.x/latest/meta-data/iam/security-credentials/).
- Internal Network Scanning: Probes internal hosts and ports behind the firewall.
- Non-Blind SSRF: Response content (up to 600 words) is returned directly to the attacker via the execution feed API.
- Exploitable by any authenticated user, including lowest-privilege accounts.
Source: ⚠️ https://gist.github.com/YLChen-007/4bb1d709cbb58cee46d839c651d3221f
User: Eric-y (UID 95889)
Submission: 27/03/2026 13:04 (25 days ago)
Moderation: 19/04/2026 18:14 (23 days later)
Status: Accepted
VulDB Entry: 358251 [TransformerOptimus SuperAGI up to 0.0.14 WebScraperTool webpage_extractor.py Privilege Escalation]
Points: 20
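A hardened counterpart to the unvalidated `requests.get(url, ...)` call the report describes, added here as an illustrative example (it is not SuperAGI's code nor a fix from the project): it allows only http(s), resolves the hostname and rejects loopback, private, link-local and other non-public addresses, and re-checks every redirect hop instead of letting `requests` follow them. The function names `is_public_ip`, `validate_url` and `safe_get` and the `resolver` hook are assumptions for this example.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3


def is_public_ip(ip_str):
    """True only for globally routable unicast addresses (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_url(url, resolver=socket.getaddrinfo):
    """Return (host, port) if the URL is http(s) and every address the host
    resolves to is public; raise ValueError otherwise. `resolver` is a hook
    (assumed for this example) so the check can run offline with a stub."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname          # IPv6 literals come back without brackets
    if not host:
        raise ValueError("URL has no host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        infos = resolver(host, port)
    except socket.gaierror as exc:
        raise ValueError(f"cannot resolve {host}") from exc
    for info in infos:             # getaddrinfo tuples: sockaddr is info[4]
        addr = info[4][0]
        if not is_public_ip(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return host, port


def safe_get(url, timeout=10):
    """Fetch like the report's requests.get(url, timeout=10), but validate the
    target first and re-validate each redirect hop rather than letting
    requests follow redirects blindly."""
    import requests  # imported here so validate_url() works without requests
    for _ in range(MAX_REDIRECTS + 1):
        validate_url(url)
        resp = requests.get(url, timeout=timeout, allow_redirects=False)
        if resp.is_redirect or resp.is_permanent_redirect:
            url = urljoin(url, resp.headers["Location"])
            continue
        return resp
    raise ValueError("too many redirects")
```

Checking the resolved address and then letting `requests` resolve the hostname again leaves a DNS-rebinding window; closing it fully means connecting to the validated IP (for example through a custom transport adapter) rather than the hostname.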
