## https://sploitus.com/exploit?id=AD8BD113-373A-5E25-B892-F8D1555A97AC
# CVE-2023-7231 – Critical SSRF → Memcached/Docker RCE Chain via Audible `fetchResource`

## 🔥 Summary

This vulnerability enables **Server-Side Request Forgery (SSRF)** in Audible's `fetchResource` API on `*.audible.com`, allowing unauthenticated attackers to pivot into internal infrastructure.

Through SSRF payload chaining, we achieved:
- 🛑 **AWS EC2 Metadata Access**
- 🐳 **Docker Socket Probing on 127.0.0.1:2375**
- **Credential & PII Exfiltration via `/env`, `/proc/self/environ`**
- ✅ Consistent `200 OK` responses from internal-only endpoints
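
On the defensive side, the destinations listed above (the link-local metadata address, loopback port 2375, local files) are what a destination check in front of a server-side fetcher such as `fetchResource` has to refuse. The sketch below is an added example, not code from this page or from Audible; `check_destination`, `sample_resolver`, the port allow-list and the `*.example.test` names are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}  # assumption: the fetcher only needs standard web ports
# Constructed name table so the example runs offline; IP literals map to themselves.
SAMPLE_DNS = {"cdn.example.test": ["93.184.216.34"],
              "assets.example.test": ["93.184.216.34", "10.0.0.5"]}

def system_resolver(host):
    """Resolve a hostname to the set of IP strings the fetcher would connect to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def sample_resolver(host):
    """Offline stand-in for DNS, backed by the constructed table above."""
    return SAMPLE_DNS.get(host, [host])

def is_internal(ip_text):
    """True for loopback, link-local (metadata service), private and other non-public space."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 scope id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    return not ip.is_global

def check_destination(url, resolver=system_resolver):
    """Return (allowed, reason, ips) for a URL handed to a server-side fetcher."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL", set()
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", set()  # blocks file:// reads
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, "port not allowed", set()
    host = parts.hostname
    if not host:
        return False, "missing host", set()
    try:
        ips = set(resolver(host))
        internal = any(is_internal(ip) for ip in ips)  # every record must be public
    except (OSError, ValueError):
        return False, "host does not resolve", set()
    if not ips or internal:
        return False, "resolves to internal address", ips
    return True, "ok", ips
```

The returned `ips` are meant to be used for the actual connection, so that a second DNS lookup cannot return a different address than the one that was checked. The same check has to run again on every redirect target before it is followed.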

---

## 📉 Attack Chain

```text
SSRF → AWS Metadata → IAM Role Abuse → S3/Lambda Access
SSRF → Docker API → Root Container Access
SSRF → Env Vars → Credential Dump → DB Pivot