关联漏洞
标题:
request-baskets 代码问题漏洞
(CVE-2023-27163)
描述:request-baskets是rbaskets开源的一个Web服务。 request-baskets v1.2.1版本及之前版本存在安全漏洞,该漏洞源于通过组件/api/baskets/{name}发现包含服务器端请求伪造 (SSRF)漏洞。攻击者利用该漏洞通过特制的API请求访问网络资源和敏感信息。
描述
A exploit for the CVE-2023-27163 (SSRF) vulnerability in the web application request-baskets (<= v.1.2.1)
介绍
# CVE-2023-27163
> [!WARNING]
> This is an educational project, I am not responsible for any use
# Exploit
Exploit for CVE-2023-27163, an SSRF vulnerability discovered in request-baskets in all versions below 1.2.1. This vulnerability allows attackers to exploit the /api/baskets/{name} component via a manipulated API request.
# What is it and how does it work?
Request-baskets is a web application created to collect and register requests in a path, called a basket. When creating it, the user can specify another server to forward the request to. [to learn more visit the official website](https://github.com/darklynx/request-baskets)
For example: The server is hosting Request-baskets on port `55555` and an http page on port 80 which can only be accessed from localhost. By creating a basket that forwards to `http://127.0.0.1:80`, the attacker can access the web server on port `80` from the attacking machine.
# Usage
```zsh
wget https://raw.githubusercontent.com/Rubioo02/CVE-2023-27163/main/CVE-2023-27163.sh
chmod +x CVE-2023-27163.sh
./CVE-2023-27163.sh -t <TARGET_URL> -a <ATTACKER_URL>
```
# BLOG
<https://rubioo02.github.io/>
文件快照
[4.0K] /data/pocs/744a403c8803c56f91a671f321f2e97416fef846
├── [3.7K] CVE-2023-27163.sh
├── [1.2K] LICENSE
└── [1.1K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。