SSRF
Following up on the discovered vulnerability, I will create a new basket, ssrf
Here is the token to access the newly created basket:
pPe5pCeaycdY-xZoVmeskvXCGTyLUJuMAgcmCXYrLW9P
This configuration will make the web app fetch whatever is on the internal port 80
Accessing the newly created endpoint, /ssrf, I can confirm that there is something running on the internal port 80
The site appears broken due to either incomplete paths to resource files, as I am accessing it through the proxy, or disabled JS
Nevertheless, I can see that this site is powered by maltrail 0.53
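From the defender's side, the forwarding behaviour above is what a destination check on the basket's forward target would stop. The following is an added example, not part of the original write-up or of the application's code: the function names, the constructed DNS table and the loopback address 127.0.0.1 are assumptions (the page only says "internal port 80").

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed name-to-address table standing in for DNS so the example runs offline.
CONSTRUCTED_DNS = {
    "intranet.example": ["10.0.0.5"],
    "public.example": ["93.184.216.34"],
}

def fake_resolver(host):
    """Hypothetical resolver over the constructed table above."""
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"cannot resolve {host}")
    return CONSTRUCTED_DNS[host]

def is_internal(ip_text):
    """True for loopback, private, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return not ip.is_global

def check_forward_url(url, resolver=fake_resolver):
    """Return (allowed, reason) for a user-supplied forward target."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal, no lookup needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:
            addrs = []
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if is_internal(addr):
            return False, f"{host} resolves to internal address {addr}"
    return True, "ok"

if __name__ == "__main__":
    # 127.0.0.1 is an assumed address for the internal service on port 80.
    for target in ("http://127.0.0.1:80/", "http://intranet.example/",
                   "http://[::ffff:127.0.0.1]/", "http://public.example/hook"):
        print(target, check_forward_url(target))
```

The check only holds if the fetcher then connects to the address that was validated and does not follow redirects to unchecked hosts; otherwise a second lookup or a redirect can still land on an internal address.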
Maltrail
Maltrail is an open source malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails
It seems rather fair that this application was running on the internal network intended to monitor the activity of the other application on the port 55555
Vulnerability
Upon searching online, I found an article talking about an OS command injection vulnerability present in the maltrail app <= 0.54
The target instance is running the outdated 0.53
Moving on to the Exploitation phase