Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-27163 PoC — request-baskets 代码问题漏洞

Source
https://github.com/samh4cks/CVE-2023-27163-InternalProber
Associated Vulnerability
Title:request-baskets 代码问题漏洞 (CVE-2023-27163)
Description:request-baskets是rbaskets开源的一个Web服务。 request-baskets v1.2.1版本及之前版本存在安全漏洞,该漏洞源于通过组件/api/baskets/{name}发现包含服务器端请求伪造 (SSRF)漏洞。攻击者利用该漏洞通过特制的API请求访问网络资源和敏感信息。
Description
A tool to perform port scanning using vulnerable Request-Baskets
Readme
# CVE-2023-27163-InternalProber

![GitHub License](https://img.shields.io/github/license/samh4cks/CVE-2023-27163-InternalProber)

`CVE-2023-27163-InternalProber` is a powerful tool designed to help you to create a request basket and perform port scanning. It automates the creation of new basket and then change the configuration for each port to perform port scanning on the internal IP address. By leveraging this tool, you can efficiently discover potential security vulnerability by port scanning.

## Features

- Quickly scan ports in a specified range on a target's internal network.
- No output file is created, only the open port URLs are printed.

## Installation 

1. Make sure you have Python 3.x installed on your system.
2. Clone this repository or download the script directly.
3. Open a terminal and navigate to the script's directory.

## Usage

```sh
python internal_port_scanner.py -t <target_url> -i <internal_ip>
```

### Flags

- `-t` or `--target`: Specify the target URL to perform port scanning on.
- `-i` or `--internal-ip`: Specify the internal IP address for port configuration.

## How It Works

1. Creates a random basket to establish communication with the target.
2. Iterates through the specified port range, configuring the basket for each port.
3. Checks if the basket's URL is reachable. If reachable, an open port is detected.

## Contributions

Contributions are welcome! If you find a bug or want to suggest an improvement, please open an issue or submit a pull request.

## License

This project is licensed under the [MIT License](LICENSE).

---

**Disclaimer:** This tool is designed for educational and security research purposes. Use it responsibly and only on web applications you have permission to test. The developers are not responsible for any unauthorized or illegal use of this tool.

For more information, please refer to the [GitHub repository](https://github.com/samh4cks/CVE-2023-27163-InternalProber).

**Author:** Samarth Dad ([samh4cks](https://twitter.com/samh4cks))

**Contact:** samarth.webappsec@gmail.com
File Snapshot

 [4.0K]  /data/pocs/05f82c65eeb8cbd5f1af035c46e873dd160bf3d0
├── [3.7K]  CVE-2023-27163.py
├── [  61]  gitops.sh
├── [1.0K]  LICENSE
├── [2.0K]  README.md
└── [  17]  requirements.txt

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.