Request Baskets vulnerable exploit to Server-Side Request Forgery up to version 1.2.1# SSRF Vulnerability Exploit for Request-Baskets (CVE-2023-27163)
This repository presents an exploit demonstrating the Server-Side Request Forgery (SSRF) vulnerability identified as [CVE-2023-27163](https://nvd.nist.gov/vuln/detail/CVE-2023-27163) in the [request-baskets](https://github.com/darklynx/request-baskets) project, up to [version 1.2.1](https://github.com/advisories/GHSA-58g2-vgpg-335q). Exploiting this vulnerability enables attackers to forward HTTP requests to an internal/private HTTP service.
## How It Operates ?
This exploit calls the API component `/api/baskets/{name}`. This component creates a new basket with a specified name. This component initiates a POST request with a specified body schema.
```json
{
"forward_url": "https://myservice.example.com/events-collector",
"proxy_response": false,
"insecure_tls": false,
"expand_path": true,
"capacity": 250
}
```
If we change the `forward_url` to a local service and set the `proxy_response` to `true`, we can create a local proxy for HTTP requests on the targeted machine.
## Usage
```shell
wget https://raw.githubusercontent.com/mathias-mrsn/CVE-2023-27163/master/exploit.py
python3 exploit.py <public_url> <targeted_url>
```
---
This exploit has been coded for the HTB machine `Sau`.
[4.0K] /data/pocs/85cf0fc252dd18e3af25c3a4a7e413b723b820f6
├── [1.3K] exploit.py
└── [1.2K] README.md
0 directories, 2 files