Exploit for Server-Side Request Forgery in Rbaskets Request Baskets
Description

CVE-2023-27163

This is a PoC for CVE-2023-27163, an SSRF vulnerability present in request-baskets up to v1.2.1. This vulnerability allows attackers to access sensitive network resources via /api/baskets/{name}. request-baskets contains a feature that lets a user specify another server to forward requests to. The issue is that the user can also specify unintended services, such as network-closed internal applications.

Usage

```
$ python3 CVE-2023-27163.py --help
Usage: python3 CVE-2023-27163.py
Arguments:
    URL main path (/) of the server (eg. https://node-app:55555)
    TARGET r-baskets target server (eg. https://127.0.0.1:80)
```

References

https://github.com/darklynx/request-baskets
https://notes.sjtu.edu.cn/s/MUUhEymt7
https://nvd.nist.gov/vuln/detail/CVE-2023-27163
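One way to close the gap described above on the server side, as an added example that is not request-baskets code or part of the PoC: validate the forward destination before any request is forwarded to it. `checkForwardTarget`, `constructedResolver` and the hostnames are hypothetical, and the DNS table is constructed sample data so the check runs offline.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// checkForwardTarget rejects forward destinations that are not plain HTTP(S)
// or that point at internal addresses. Hypothetical helper, not project code.
// The resolver is injected so the check can be exercised without real DNS.
func checkForwardTarget(raw string, resolve func(string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address, no lookup needed
	} else if ips, err = resolve(host); err != nil {
		return err
	}
	if len(ips) == 0 {
		return fmt.Errorf("host %q did not resolve", host)
	}
	for _, ip := range ips { // every resolved address must be external
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() {
			return fmt.Errorf("destination %s is internal (%s)", host, ip)
		}
	}
	return nil
}

// constructedDNS is sample data for the demo, not real DNS records.
var constructedDNS = map[string][]net.IP{
	"hooks.example.com":    {net.ParseIP("203.0.113.10")},
	"intranet.example.com": {net.ParseIP("10.0.0.5")},
}

func constructedResolver(host string) ([]net.IP, error) { return constructedDNS[host], nil }

func main() {
	for _, t := range []string{"https://hooks.example.com/in", "http://127.0.0.1:80", "http://intranet.example.com/"} {
		fmt.Println(t, "->", checkForwardTarget(t, constructedResolver))
	}
}
```

A name can resolve differently between this check and the actual connection, so in production the same test belongs on the address that is finally dialed and on every redirect hop.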
