## https://sploitus.com/exploit?id=19685AFF-3DA0-5C83-AA86-6C5F8D0D0687
# CVE-2023-27163 - Request-Baskets SSRF Proof of Concept
This is a proof-of-concept (PoC) exploit and a localhost port bruteforcer for **CVE-2023-27163**, a server-side request forgery (SSRF) vulnerability in [Request-Baskets](https://github.com/darklynx/request-baskets).
The PoC abuses the forward_url parameter to perform a brute-force scan of active services bound to the local interface.
Once discovered, these services can then be accessed by the attacker through the vulnerable forwarding mechanism.
---
## Description
- CVE: [CVE-2023-27163](https://nvd.nist.gov/vuln/detail/CVE-2023-27163)
- Affected: Request-Baskets
- Impact: Allows an attacker to trigger SSRF to internal addresses
---
## Requirements
- Python 3.x
- `requests` library
```bash
pip install requests
```
## Usage
```bash
python3 CVE-2023-27163.py -u https://TARGET_URL -b BASKET_NAME -p ports.txt
```