0xFTW / CVE-2023-27163

CVE-2023-27163 Request-Baskets v1.2.1 - Server-side request forgery (SSRF)


CVE-2023-27163

Request-Baskets v1.2.1 - Server-side request forgery (SSRF)

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

Installation

git clone https://github.com/0xFTW/CVE-2023-27163
cd CVE-2023-27163
pip3 install -r requirements.txt

Usage


python3 CVE-2023-27163.py url attack_server

Exploit Request Baskets Script

positional arguments:
  url            main path (/) of the server (eg. http://127.0.0.1:5000/)
  attack_server  ATTACK_SERVER

options:
  -h, --help     show this help message and exit
