Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-27163 PoC — request-baskets 代码问题漏洞

Source
https://github.com/0xFTW/CVE-2023-27163
Associated Vulnerability
Title:request-baskets 代码问题漏洞 (CVE-2023-27163)
Description:request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Description
CVE-2023-27163  Request-Baskets v1.2.1 - Server-side request forgery (SSRF)
Readme
# CVE-2023-27163

>  Request-Baskets v1.2.1 - Server-side request forgery (SSRF)


request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.


## Installation

```
git clone https://github.com/0xFTW/CVE-2023-27163

cd CVE-2023-27163

pip3 install -r requirements.txt
```

## Usage

---
    python3 CVE-2023-27163.py url attack_server

Exploit Request Baskets Script

positional arguments:
> url            main path (/) of the server (eg. http://127.0.0.1:5000/)
  
> attack_server  ATTACK_SERVER

    options:
    -h, --help     show this help message and exit
---
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →