Description
This module detects BerriAI LiteLLM proxy servers affected by CVE-2026-42208, an unauthenticated SQL injection. During API-key verification the proxy interpolates the raw Authorization bearer value into a PostgreSQL query (WHERE v.token = '<token>') without parameterization. Because LiteLLM only hashes tokens that begin with "sk-", a bearer value that does not start with "sk-" reaches the query verbatim and is injectable. The failure path that performs the lookup is reachable before authentication. Affected versions are 1.81.16 through 1.83.6 (fixed in 1.83.7).
The module confirms the flaw with a benign time-based check built on the framework's PostgreSQL time-based blind SQL injection library. It issues a request whose injected predicate sleeps only when a tautology is true and a second request whose predicate never sleeps, and reports the target vulnerable only when the first is delayed while the second returns promptly. A server that is merely slow delays both requests and is not flagged. The module does not read or exfiltrate data.
Detection requires the target to have provisioned at least one virtual key. The injectable predicate sits in a WHERE clause that PostgreSQL evaluates only against matching rows, so when the token table is empty the pg_sleep never executes and the proxy appears (falsely) safe. Any LiteLLM proxy in real use has issued keys; a freshly initialized proxy with an empty token table may not respond to the time-based probe.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/scanner/http/litellm_proxy_sqlimsf undefined(litellm_proxy_sqli) > show actions ...actions...msf undefined(litellm_proxy_sqli) > set ACTION < action-name >msf undefined(litellm_proxy_sqli) > show options ...show and set options...msf undefined(litellm_proxy_sqli) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub