CVE-2023-27163 PoC — request-baskets 代码问题漏洞

Source

https://github.com/cowsecurity/CVE-2023-27163

Associated Vulnerability

Title:request-baskets 代码问题漏洞 (CVE-2023-27163)
Description:request-baskets是rbaskets开源的一个Web服务。 request-baskets v1.2.1版本及之前版本存在安全漏洞，该漏洞源于通过组件/api/baskets/{name}发现包含服务器端请求伪造 (SSRF)漏洞。攻击者利用该漏洞通过特制的API请求访问网络资源和敏感信息。

Description

CVE-2023-27163  Request-Baskets v1.2.1 - Server-side request forgery (SSRF)

Readme

# CVE-2023-27163

>  Request-Baskets v1.2.1 - Server-side request forgery (SSRF)


request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.


## Installation

```
git clone https://github.com/0xFTW/CVE-2023-27163

cd CVE-2023-27163

pip3 install -r requirements.txt
```

## Usage

---
    python3 CVE-2023-27163.py url attack_server

Exploit Request Baskets Script

positional arguments:
> url            main path (/) of the server (eg. http://127.0.0.1:5000/)
  
> attack_server  ATTACK_SERVER

    options:
    -h, --help     show this help message and exit
---

File Snapshot


 [4.0K]  /data/pocs/5ea812978fe66ce4af0ad637a4f8de4cb3d998fc
├── [2.4K]  CVE-2023-27163.py
├── [ 755]  README.md
└── [  17]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!