JawadPy / CVE-2023-43804-Exploit

Example of how CVE-2023-43804 works with real python code.

PoC

Explaining CVE-2023-43804/server.py and CVE-2023-43804/example.py

In server.py I created a simple website that redirects you to google.com, so make sure to run server.py first before trying example.py.

In example.py I added a cookie to the request headers. When you request http://127.0.0.1:5000/ (the local website started with python server.py), you are redirected to google.com. If you then inspect the cookies, you will find that your Cookie header was forwarded along with the redirect and sent to google.com as well.

This bug is fixed in urllib3 2.0.6; running any older version may expose you to attackers.
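The client-side check that prevents this leak, as an added example (not code from this repository or from urllib3): credential headers are dropped as soon as a redirect leaves the original scheme, host or port. The header list, function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Credential-bearing headers that must not follow a cross-origin redirect
# (list chosen for this example).
SENSITIVE_HEADERS = frozenset({"cookie", "authorization"})
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def headers_for_redirect(headers, from_url, location):
    """Headers that are safe to send when following `location` from `from_url`."""
    target = urljoin(from_url, location)  # Location may be relative
    if origin(target) == origin(from_url):
        return dict(headers)
    return {k: v for k, v in headers.items()
            if k.lower() not in SENSITIVE_HEADERS}


def follow_chain(headers, start_url, locations):
    """Walk a redirect chain and return [(url, headers_sent), ...] per hop.

    Headers stripped at one hop stay stripped for the rest of the chain,
    even if a later hop returns to the starting origin.
    """
    url, current = start_url, dict(headers)
    hops = [(url, current)]
    for location in locations:
        current = headers_for_redirect(current, url, location)
        url = urljoin(url, location)
        hops.append((url, current))
    return hops


if __name__ == "__main__":
    # Constructed request mirroring the README: local server, then google.com.
    sent = {"Cookie": "session=constructed-value", "User-Agent": "demo"}
    chain = ["/next", "https://google.com/"]
    for hop_url, hop_headers in follow_chain(sent, "http://127.0.0.1:5000/", chain):
        print(hop_url, sorted(hop_headers))
```

urllib3's `Retry` class accepts a `remove_headers_on_redirect` argument that applies this kind of stripping inside the library.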

Support

If you would like to support me with a donation, I recommend that you give it to someone who really needs it, please. If you do so, then consider that I earned your support.
