cowsecurity/CVE-2023-27163

CVE-2023-27163

Request-Baskets v1.2.1 - Server-side request forgery (SSRF)

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
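As a defensive counterpart to the description above, the following added example (not part of this repository or of request-baskets) audits basket configurations and flags forward targets that resolve to non-public addresses. It assumes the forwarding target is the basket's `forward_url` setting from the request-baskets API, which this page does not name; the sample baskets and function names are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample: basket name -> basket configuration (values are made up).
SAMPLE_BASKETS = {
    "public-hook": {"forward_url": "https://93.184.216.34/hook", "proxy_response": False},
    "loopback": {"forward_url": "http://127.0.0.1:5000/", "proxy_response": True},
    "intranet": {"forward_url": "http://10.0.0.5/status", "proxy_response": True},
    "no-forward": {"forward_url": ""},
}


def resolve(host):
    """Return every address the host resolves to (IP literals need no DNS)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def forward_url_problem(url, resolver=resolve):
    """Return why url must not be a forward target, or None if acceptable."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "malformed URL"
    if parts.scheme not in ("http", "https"):
        return "scheme not allowed"
    if not parts.hostname:
        return "no host"
    try:
        addresses = resolver(parts.hostname)
    except OSError:
        return "host does not resolve"
    for raw in addresses:
        ip = ipaddress.ip_address(raw.split("%")[0])  # drop any IPv6 zone id
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
        if not ip.is_global:  # loopback, private, link-local, reserved ...
            return f"resolves to non-public address {ip}"
    return None


def audit_baskets(configs, resolver=resolve):
    """Map basket name -> problem for each basket whose forward_url is unsafe."""
    problems = {n: forward_url_problem(c["forward_url"], resolver)
                for n, c in configs.items() if c.get("forward_url")}
    return {name: why for name, why in problems.items() if why}


if __name__ == "__main__":
    print(audit_baskets(SAMPLE_BASKETS))
```

A check like this only holds if the forwarder then connects to the address that was vetted; resolving the name again at request time reopens the gap.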

Installation

    git clone https://github.com/0xFTW/CVE-2023-27163
    cd CVE-2023-27163
    pip3 install -r requirements.txt

Usage


    python3 CVE-2023-27163.py url attack_server

    Exploit Request Baskets Script

    positional arguments:
      url            main path (/) of the server (eg. http://127.0.0.1:5000/)
      attack_server  ATTACK_SERVER

    options:
      -h, --help     show this help message and exit
