This repository presents an exploit demonstrating the Server-Side Request Forgery (SSRF) vulnerability identified as CVE-2023-27163 in the request-baskets project, up to version 1.2.1. Exploiting this vulnerability enables attackers to forward HTTP requests to an internal/private HTTP service.
This exploit calls the API endpoint /api/baskets/{name}, which creates a new basket with the specified name. The endpoint takes a POST request with the following body schema:
{
  "forward_url": "https://myservice.example.com/events-collector",
  "proxy_response": false,
  "insecure_tls": false,
  "expand_path": true,
  "capacity": 250
}
If we change the forward_url to a local service and set the proxy_response to true, we can create a local proxy for HTTP requests on the targeted machine.
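From the defender's side, the same two fields are what to validate or audit. The following is an added example, not code from this repository or from request-baskets: it checks a basket settings object against the body schema above and reports a forward_url that points at a non-public address, treating hosts that cannot be resolved as internal. The function names and finding strings are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

INTERNAL = "forward_url targets a non-public or unverifiable address"
PROXIED = "proxy_response is true: internal responses are returned to the caller"
SCHEME = "forward_url scheme is not http or https"

def system_resolve(host):
    """Resolve a hostname with the system resolver; empty list on failure."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except (socket.gaierror, UnicodeError):
        return []

def is_internal_host(host, resolve=system_resolve):
    """True when host is, or resolves to, a non-public address (fails closed)."""
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    # No usable address means the target cannot be verified: treat as internal.
    return not addrs or any(not a.is_global for a in addrs)

def audit_basket(settings, resolve=system_resolve):
    """Return findings for one basket settings object (body schema shown above)."""
    url = urlsplit(settings.get("forward_url") or "")
    if not url.hostname:
        return []  # forwarding is not configured
    findings = []
    if url.scheme not in ("http", "https"):
        findings.append(SCHEME)
    if is_internal_host(url.hostname, resolve):
        findings.append(INTERNAL)
        if settings.get("proxy_response"):
            findings.append(PROXIED)
    return findings

if __name__ == "__main__":
    # Constructed sample: the schema above with the two fields changed as described.
    sample = {"forward_url": "http://127.0.0.1:80/", "proxy_response": True,
              "insecure_tls": False, "expand_path": True, "capacity": 250}
    for finding in audit_basket(sample):
        print(finding)
```

This check runs when the basket is configured. Because DNS answers can change afterwards, the forwarding code should apply the same address test to the IP it actually connects to.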
wget https://raw.githubusercontent.com/mathias-mrsn/CVE-2023-27163/master/exploit.py
python3 exploit.py <public_url> <targeted_url>
This exploit has been coded for the HTB machine Sau.