Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2023-27163 PoC — request-baskets 代码问题漏洞

Source
https://github.com/samh4cks/CVE-2023-27163-InternalProber
Associated Vulnerability
Title:request-baskets 代码问题漏洞 (CVE-2023-27163)
Description:request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Description
A tool to perform port scanning using vulnerable Request-Baskets
Readme
# CVE-2023-27163-InternalProber

![GitHub License](https://img.shields.io/github/license/samh4cks/CVE-2023-27163-InternalProber)

`CVE-2023-27163-InternalProber` is a powerful tool designed to help you to create a request basket and perform port scanning. It automates the creation of new basket and then change the configuration for each port to perform port scanning on the internal IP address. By leveraging this tool, you can efficiently discover potential security vulnerability by port scanning.

## Features

- Quickly scan ports in a specified range on a target's internal network.
- No output file is created, only the open port URLs are printed.

## Installation 

1. Make sure you have Python 3.x installed on your system.
2. Clone this repository or download the script directly.
3. Open a terminal and navigate to the script's directory.

## Usage

```sh
python internal_port_scanner.py -t <target_url> -i <internal_ip>
```

### Flags

- `-t` or `--target`: Specify the target URL to perform port scanning on.
- `-i` or `--internal-ip`: Specify the internal IP address for port configuration.

## How It Works

1. Creates a random basket to establish communication with the target.
2. Iterates through the specified port range, configuring the basket for each port.
3. Checks if the basket's URL is reachable. If reachable, an open port is detected.

## Contributions

Contributions are welcome! If you find a bug or want to suggest an improvement, please open an issue or submit a pull request.

## License

This project is licensed under the [MIT License](LICENSE).

---

**Disclaimer:** This tool is designed for educational and security research purposes. Use it responsibly and only on web applications you have permission to test. The developers are not responsible for any unauthorized or illegal use of this tool.

For more information, please refer to the [GitHub repository](https://github.com/samh4cks/CVE-2023-27163-InternalProber).

**Author:** Samarth Dad ([samh4cks](https://twitter.com/samh4cks))

**Contact:** samarth.webappsec@gmail.com
File Snapshot

 [4.0K]  /data/pocs/05f82c65eeb8cbd5f1af035c46e873dd160bf3d0
├── [3.7K]  CVE-2023-27163.py
├── [  61]  gitops.sh
├── [1.0K]  LICENSE
├── [2.0K]  README.md
└── [  17]  requirements.txt

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →