Example of how CVE-2023-43804 works with real python code.# PoC
Example of how CVE-2023-43804 works with real python code.
Explaining `CVE-2023-43804/server.py` and `CVE-2023-43804/example.py`
In `server.py` I created a simple website that redirects you to google.com, so make sure to run `server.py` first before trying `example.py`.
In `example.py` I added a cookie to the request header, so when you try to request `http://127.0.0.1:5000/` (it's a local website we created via `python server.py`) you will be redirected to google.com, after that when reading `Cookies` you will find that your cookies been redirected too to be with your cookies on google.com.
This bug is fixed on URLLIB3 2.0.6, having any older version may expose to attackers.
# Support
If you would like to support me with donation, I recommend you to give it to someone who really need it please. If you do so then consider that i earned your support.
<a href="https://www.buymeacoffee.com/jawadpy" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-green.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>
[4.0K] /data/pocs/c08db123b150a6e255abfd89b57a06d488cb84a7
├── [4.0K] CVE-2023-43804
│ ├── [ 605] example.py
│ └── [ 232] server.py
└── [1.1K] README.md
1 directory, 3 files