# N/A
## 漏洞概述
request-baskets组件在v1.2.1及以前版本中存在服务器端请求伪造(SSRF)漏洞。通过该漏洞,攻击者可以通过精心构造的API请求访问网络资源和敏感信息。
## 影响版本
- request-baskets v1.2.1及之前版本
## 细节
漏洞存在于`/api/baskets/{name}`组件中。攻击者可以通过发送特制的API请求触发此漏洞,从而访问内部网络资源或敏感信息。
## 影响
该漏洞允许攻击者通过精心构造的API请求,访问受保护的网络资源和敏感信息,可能会导致信息泄露或其他安全问题。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Proof-of-Concept for Server Side Request Forgery (SSRF) in request-baskets (<= v.1.2.1) | https://github.com/entr0pie/CVE-2023-27163 | POC详情 |
| 2 | To assist in enumerating the webserver behind the webserver SSRF CVE-2023-27163 | https://github.com/seanrdev/cve-2023-27163 | POC详情 |
| 3 | CVE-2023-27163 | https://github.com/overgrowncarrot1/CVE-2023-27163 | POC详情 |
| 4 | Poc of SSRF for Request-Baskets (CVE-2023-27163) | https://github.com/ThickCoco/CVE-2023-27163-POC | POC详情 |
| 5 | PoC CVE-2023-27163, SSRF, request-baskets hasta v1.2.1 | https://github.com/davuXVI/CVE-2023-27163 | POC详情 |
| 6 | Requests Baskets (CVE-2023-27163) and Mailtrail v0.53 | https://github.com/HusenjanDev/CVE-2023-27163-AND-Mailtrail-v0.53 | POC详情 |
| 7 | CVE-2023-27163 - Request Baskets SSRF | https://github.com/rvizx/CVE-2023-27163 | POC详情 |
| 8 | Golang PoC for CVE-2023-27163 Mailtrail Exploit | https://github.com/thomas-osgood/CVE-2023-27163 | POC详情 |
| 9 | CVE-2023-27163 Request-Baskets v1.2.1 - Server-side request forgery (SSRF) | https://github.com/0xFTW/CVE-2023-27163 | POC详情 |
| 10 | A tool to perform port scanning using vulnerable Request-Baskets | https://github.com/samh4cks/CVE-2023-27163-InternalProber | POC详情 |
| 11 | Python implementation of CVE-2023-27163 | https://github.com/Hamibubu/CVE-2023-27163 | POC详情 |
| 12 | CVE-2023-27163 Request-Baskets v1.2.1 - Server-side request forgery (SSRF) | https://github.com/cowsecurity/CVE-2023-27163 | POC详情 |
| 13 | this is a script that exploits the CVE-2023-27163 vulnerability which is request-basket SSRF | https://github.com/KharimMchatta/basketcraft | POC详情 |
| 14 | Proof of Concept for Server Side Request Forgery (SSRF) in request-baskets (V<= v.1.2.1) | https://github.com/MasterCode112/CVE-2023-27163 | POC详情 |
| 15 | Request Baskets vulnerable exploit to Server-Side Request Forgery up to version 1.2.1 | https://github.com/mathias-mrsn/CVE-2023-27163 | POC详情 |
| 16 | A exploit for the CVE-2023-27163 (SSRF) vulnerability in the web application request-baskets (<= v.1.2.1) | https://github.com/Rubioo02/CVE-2023-27163 | POC详情 |
| 17 | PoC for SSRF in request-baskets v1.2.1 (CVE-2023-27163) | https://github.com/madhavmehndiratta/CVE-2023-27163 | POC详情 |
| 18 | It is a simple script to automate internal port scanning dueto SSRF in requests-baskets v 1.2.1. this script can also assisst in solving 'SAU' machine from hackthebox | https://github.com/Rishabh-Kumar-Cyber-Sec/CVE-2023-27163-ssrf-to-port-scanning | POC详情 |
| 19 | None | https://github.com/btar1gan/exploit_CVE-2023-27163 | POC详情 |
| 20 | SSRF CVE-2023-27163 + maltrail vuln RCE | https://github.com/G4sp4rCS/htb-sau-automated | POC详情 |
| 21 | Request Baskets is exposed. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/request-baskets-exposure.yaml | POC详情 |
| 22 | CVE-2023-27163 Request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. This POC utilizes the SSRF to perfrom RCE. | https://github.com/lukehebe/CVE-2023-27163 | POC详情 |
| 23 | Proof of Concept exploit for Server Side Request Forgery vulnerability in Requests Basket v1.2.1 and before. | https://github.com/J0ey17/Exploit_CVE-2023-27163 | POC详情 |
| 24 | PoC and internal port brute-forcer for CVE-2023-27163 | https://github.com/theopaid/CVE-2023-27163-Request-Baskets-Local-Ports-Bruteforcer | POC详情 |
暂无评论