关联漏洞
标题:
request-baskets 代码问题漏洞
(CVE-2023-27163)
描述:request-baskets是rbaskets开源的一个Web服务。 request-baskets v1.2.1版本及之前版本存在安全漏洞,该漏洞源于通过组件/api/baskets/{name}发现包含服务器端请求伪造 (SSRF)漏洞。攻击者利用该漏洞通过特制的API请求访问网络资源和敏感信息。
描述
A tool to perform port scanning using vulnerable Request-Baskets
介绍
# CVE-2023-27163-InternalProber
`CVE-2023-27163-InternalProber` is a powerful tool designed to help you to create a request basket and perform port scanning. It automates the creation of new basket and then change the configuration for each port to perform port scanning on the internal IP address. By leveraging this tool, you can efficiently discover potential security vulnerability by port scanning.
## Features
- Quickly scan ports in a specified range on a target's internal network.
- No output file is created, only the open port URLs are printed.
## Installation
1. Make sure you have Python 3.x installed on your system.
2. Clone this repository or download the script directly.
3. Open a terminal and navigate to the script's directory.
## Usage
```sh
python internal_port_scanner.py -t <target_url> -i <internal_ip>
```
### Flags
- `-t` or `--target`: Specify the target URL to perform port scanning on.
- `-i` or `--internal-ip`: Specify the internal IP address for port configuration.
## How It Works
1. Creates a random basket to establish communication with the target.
2. Iterates through the specified port range, configuring the basket for each port.
3. Checks if the basket's URL is reachable. If reachable, an open port is detected.
## Contributions
Contributions are welcome! If you find a bug or want to suggest an improvement, please open an issue or submit a pull request.
## License
This project is licensed under the [MIT License](LICENSE).
---
**Disclaimer:** This tool is designed for educational and security research purposes. Use it responsibly and only on web applications you have permission to test. The developers are not responsible for any unauthorized or illegal use of this tool.
For more information, please refer to the [GitHub repository](https://github.com/samh4cks/CVE-2023-27163-InternalProber).
**Author:** Samarth Dad ([samh4cks](https://twitter.com/samh4cks))
**Contact:** samarth.webappsec@gmail.com
文件快照
[4.0K] /data/pocs/05f82c65eeb8cbd5f1af035c46e873dd160bf3d0
├── [3.7K] CVE-2023-27163.py
├── [ 61] gitops.sh
├── [1.0K] LICENSE
├── [2.0K] README.md
└── [ 17] requirements.txt
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。