CVE-2023-7231 PoC — illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion

Source
Associated Vulnerability
Title: illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion (CVE-2023-7231)
Description: The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links.
Description
PoC and Disclosure for CVE-2023-7231 – Memcached Gopher RCE chain
Readme
# CVE-2023-7231 – Critical SSRF → Memcached/Docker RCE Chain via Audible `fetchResource`

## 🔥 Summary

This vulnerability enables **Server-Side Request Forgery (SSRF)** in Audible’s `fetchResource` API on `*.audible.com`, allowing unauthenticated attackers to pivot into internal infrastructure.

Through SSRF payload chaining, we achieved:
- 🛡 **AWS EC2 Metadata Access**
- 🐳 **Docker Socket Probing on 127.0.0.1:2375**
- 🔐 **Credential & PII Exfiltration via `/env`, `/proc/self/environ`**
- ✅ Consistent `200 OK` responses from internal-only endpoints

---

## 📉 Attack Chain

```text
SSRF → AWS Metadata → IAM Role Abuse → S3/Lambda Access
SSRF → Docker API → Root Container Access
SSRF → Env Vars → Credential Dump → DB Pivot
```

File Snapshot

[4.0K] /data/pocs/a6b854f9f1979db85e5925b3ba80586b706a1f10
├── [3.3K] audible_vulnerability_report_20250517_080825.md
├── [ 782] AWS Metadata Chain Implementation_SVOMAP.py
├── [ 26K] chain_test_results_20250517_091308.json
├── [ 907] Compliance-First ArchitectureWICVDPPATFL.py
├── [ 973] Docker Impact Validation_SCFDAPIE.py
├── [ 794] Environment Variable Probing_SCFCDE.py
├── [ 812] Execution_Workflow_OST&R.py
├── [ 778] README.md
├── [4.0K] SSRF_AUDIBLE
│   ├── [1.1M] Audible_ssrf_200ok_with_data.zip
│   └── [4.0K] README.txt
│       ├── [ 148] curl httpswww.audible.comapifetchRe.txt
│       ├── [ 302] HOW TO RUN.txt
│       └── [ 675] README.md
├── [1.0K] Theoretical Impact DocumentationWCAE-BIMS.py
└── [ 16M] video_captured.zip

2 directories, 14 files