mathias-mrsn / request-baskets-v121-ssrf

Server-Side Request Forgery exploit for Request Baskets up to version 1.2.1

SSRF Vulnerability Exploit for Request-Baskets (CVE-2023-27163)

This repository presents an exploit demonstrating the Server-Side Request Forgery (SSRF) vulnerability identified as CVE-2023-27163 in the request-baskets project, up to version 1.2.1. Exploiting this vulnerability enables attackers to forward HTTP requests to an internal/private HTTP service.

How It Operates

This exploit calls the API endpoint /api/baskets/{name} with a POST request, which creates a new basket with the specified name. The request body follows this schema:

{
  "forward_url": "https://myservice.example.com/events-collector",
  "proxy_response": false,
  "insecure_tls": false,
  "expand_path": true,
  "capacity": 250
}

If we change the forward_url to a local service and set the proxy_response to true, we can create a local proxy for HTTP requests on the targeted machine.
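For defenders, the same schema can be audited for this condition. The following is an added example, not code from this repository or from the request-baskets project: it flags basket configurations whose forward_url points at a loopback, private or link-local address, and notes when proxy_response is also true. The function names, the stub resolver and the sample baskets are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolve(host):
    """Resolve a hostname to its IP address strings with the system resolver."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def is_internal(addr):
    """True for loopback, private, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its embedded IPv4 address
    return (not ip.is_global) or ip.is_multicast

def audit_basket(cfg, resolve=system_resolve):
    """Return findings for one basket configuration dict (schema shown above)."""
    url = cfg.get("forward_url") or ""
    if not url:
        return []
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return [f"forward_url {url!r} is not a plain http(s) URL with a host"]
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP in the URL
    except ValueError:
        addrs = resolve(host)  # hostname: check every address it resolves to
    internal = [a for a in addrs if is_internal(a)]
    findings = []
    if internal:
        findings.append(f"forward_url host {host!r} maps to internal address(es) {internal}")
        if cfg.get("proxy_response"):
            findings.append("proxy_response is true: the internal service's responses are returned to the caller")
    return findings

# Constructed sample data: a stub resolver and two basket configurations.
SAMPLE_DNS = {"myservice.example.com": ["93.184.216.34"], "localhost": ["127.0.0.1"]}
SAMPLE_BASKETS = {
    "events": {"forward_url": "https://myservice.example.com/events-collector", "proxy_response": False},
    "suspect": {"forward_url": "http://127.0.0.1:80/", "proxy_response": True},
}

if __name__ == "__main__":
    for name, cfg in SAMPLE_BASKETS.items():
        for finding in audit_basket(cfg, lambda h: SAMPLE_DNS.get(h, [])):
            print(f"{name}: {finding}")
```

A check made when the basket is configured only covers what the hostname resolves to at that moment. A server-side fix has to apply the same test to the address actually connected to when each request is forwarded.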

Usage

wget https://raw.githubusercontent.com/mathias-mrsn/CVE-2023-27163/master/exploit.py
python3 exploit.py <public_url> <targeted_url>

This exploit has been coded for the HTB machine Sau.
