CVE-2023-27163 PoC — request-baskets 代码问题漏洞

Source

Associated Vulnerability

Description

CVE-2023-27163 Request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. This POC utilizes the SSRF to perfrom RCE.

Readme

# CVE-2023-27163
CVE-2023-27163 Request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. This POC utilizes the SSRF to perfrom RCE.

This Python script exploits a Server-Side Request Forgery (SSRF) vulnerability (CVE-2023-27163) in Request Baskets versions up to 1.2.1. The vulnerability allows an attacker to create a basket via the /api/baskets/{name} endpoint, configuring it to forward HTTP requests to an internal or restricted service (e.g., http://localhost:8000). By chaining the SSRF with a Remote Code Execution (RCE) vulnerability in the internal service, the script injects a payload to establish a reverse shell.


Note: The script requires the attacker to have access to a local server that can serve a payload (e.g., a reverse shell script).

This was tested on the box "Sau" from HTB


![CVE-2023-27163 Exploit GIF](./CVE-2023-27163.gif)

File Snapshot

 [4.0K]  /data/pocs/e6683f2647902674463732e4a19faa390e7bbdfd
├── [779K]  CVE-2023-27163.gif
├── [3.3K]  exploit.py
├── [1.0K]  README.md
└── [  47]  shell.sh

0 directories, 4 files

Remarks