Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2023-27163 PoC — request-baskets 代码问题漏洞

Source
https://github.com/cowsecurity/CVE-2023-27163
Associated Vulnerability
Title:request-baskets 代码问题漏洞 (CVE-2023-27163)
Description:request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Description
CVE-2023-27163  Request-Baskets v1.2.1 - Server-side request forgery (SSRF)
Readme
# CVE-2023-27163

>  Request-Baskets v1.2.1 - Server-side request forgery (SSRF)


request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.


## Installation

```
git clone https://github.com/0xFTW/CVE-2023-27163

cd CVE-2023-27163

pip3 install -r requirements.txt
```

## Usage

---
    python3 CVE-2023-27163.py url attack_server

Exploit Request Baskets Script

positional arguments:
> url            main path (/) of the server (eg. http://127.0.0.1:5000/)
  
> attack_server  ATTACK_SERVER

    options:
    -h, --help     show this help message and exit
---
File Snapshot

 [4.0K]  /data/pocs/5ea812978fe66ce4af0ad637a4f8de4cb3d998fc
├── [2.4K]  CVE-2023-27163.py
├── [ 755]  README.md
└── [  17]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →