CVE-2023-27163 PoC — request-baskets 代码问题漏洞

Source

https://github.com/theopaid/CVE-2023-27163-Request-Baskets-Local-Ports-Bruteforcer

Associated Vulnerability

Title:request-baskets 代码问题漏洞 (CVE-2023-27163)
Description:request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

Description

PoC and internal port brute-forcer for CVE-2023-27163

Readme

# CVE-2023-27163 - Request-Baskets SSRF Proof of Concept

This is a proof-of-concept (PoC) exploit and a localhost port bruteforcer for **CVE-2023-27163**, a server-side request forgery (SSRF) vulnerability in [Request-Baskets](https://github.com/darklynx/request-baskets).

The PoC abuses the forward_url parameter to perform a brute-force scan of active services bound to the local interface.
Once discovered, these services can then be accessed by the attacker through the vulnerable forwarding mechanism.

---

## Description

- CVE: [CVE-2023-27163](https://nvd.nist.gov/vuln/detail/CVE-2023-27163)
- Affected: Request-Baskets
- Impact: Allows an attacker to trigger SSRF to internal addresses

---

## Requirements

- Python 3.x
- `requests` library
```bash
pip install requests
```

## Usage

```bash
python3 CVE-2023-27163.py -u https://TARGET_URL -b BASKET_NAME -p ports.txt
```

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!