关联漏洞
标题:
request-baskets 代码问题漏洞
(CVE-2023-27163)
描述:request-baskets是rbaskets开源的一个Web服务。 request-baskets v1.2.1版本及之前版本存在安全漏洞,该漏洞源于通过组件/api/baskets/{name}发现包含服务器端请求伪造 (SSRF)漏洞。攻击者利用该漏洞通过特制的API请求访问网络资源和敏感信息。
描述
Request Baskets vulnerable exploit to Server-Side Request Forgery up to version 1.2.1
介绍
# SSRF Vulnerability Exploit for Request-Baskets (CVE-2023-27163)
This repository presents an exploit demonstrating the Server-Side Request Forgery (SSRF) vulnerability identified as [CVE-2023-27163](https://nvd.nist.gov/vuln/detail/CVE-2023-27163) in the [request-baskets](https://github.com/darklynx/request-baskets) project, up to [version 1.2.1](https://github.com/advisories/GHSA-58g2-vgpg-335q). Exploiting this vulnerability enables attackers to forward HTTP requests to an internal/private HTTP service.
## How It Operates ?
This exploit calls the API component `/api/baskets/{name}`. This component creates a new basket with a specified name. This component initiates a POST request with a specified body schema.
```json
{
"forward_url": "https://myservice.example.com/events-collector",
"proxy_response": false,
"insecure_tls": false,
"expand_path": true,
"capacity": 250
}
```
If we change the `forward_url` to a local service and set the `proxy_response` to `true`, we can create a local proxy for HTTP requests on the targeted machine.
## Usage
```shell
wget https://raw.githubusercontent.com/mathias-mrsn/CVE-2023-27163/master/exploit.py
python3 exploit.py <public_url> <targeted_url>
```
---
This exploit has been coded for the HTB machine `Sau`.
文件快照
[4.0K] /data/pocs/85cf0fc252dd18e3af25c3a4a7e413b723b820f6
├── [1.3K] exploit.py
└── [1.2K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。