## https://sploitus.com/exploit?id=516FF58B-2BAE-596D-B1F1-7CE41A98E484
# CVE-2023-27163 PoC Exploit Code
This Python script is a Proof of Concept (PoC) for **CVE-2023-27163**, a Server-Side Request Forgery (SSRF) vulnerability in Request Baskets.
### Code Description
The script automates the exploitation of CVE-2023-27163. It performs the following actions:
1. **Generates a random basket name**: Creates a unique endpoint for interaction.
2. **Creates a basket and retrieves an API token**: Interacts with the Request Baskets API to set up a new basket and get the authorization token.
3. **Configures the basket for SSRF**: Modifies the basket's configuration to forward incoming requests to an internal address (`127.0.0.1`) on a specified port.
4. **Attempts to access internal ports**: Iterates through a predefined range of ports (75-81 by default), attempting to reach services running on `localhost` of the vulnerable server via the configured basket.
5. **Displays results**: If a service is found and returns a 200 OK status, it prints a message indicating the open port and the beginning of the response content.
This effectively allows an attacker to scan internal ports on the server hosting the vulnerable Request Baskets instance.
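From the defender's side, the step that matters is item 3: the basket accepts any `forward_url`. The following added example (not part of the PoC or of the Request Baskets code base) validates a `forward_url` and audits stored basket settings for internal targets; the function names, the sample baskets and the stub DNS table are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolver(host):
    """All addresses a hostname resolves to (performs a live DNS lookup)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def literal_ip(host):
    """Parse an IP literal, including legacy IPv4 forms like '2130706433' or '127.1'."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None  # not a literal: treat it as a hostname

def is_internal(ip):
    """True for loopback, private, link-local and unspecified addresses."""
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is really 127.0.0.1
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified

def forward_url_allowed(url, resolver=system_resolver):
    """Allow only http(s) URLs whose every resolved address is external."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    ip = literal_ip(parts.hostname)
    try:
        addrs = [ip] if ip else [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    except (OSError, ValueError):
        return False  # unresolvable or malformed: fail closed
    return bool(addrs) and not any(is_internal(a) for a in addrs)

def audit_baskets(configs, resolver=system_resolver):
    """Names of baskets whose forward_url would reach an internal address."""
    return sorted(name for name, cfg in configs.items()
                  if cfg.get("forward_url") and not forward_url_allowed(cfg["forward_url"], resolver))

# Constructed sample data: a stub DNS table and basket name -> settings.
SAMPLE_DNS = {"hooks.example.org": {"93.184.216.34"}, "intranet.example": {"10.0.0.5"}}
SAMPLE_BASKETS = {
    "ci-hook": {"forward_url": "https://hooks.example.org/build"}, "idle": {"forward_url": ""},
    "b1": {"forward_url": "http://127.0.0.1:80/"}, "b2": {"forward_url": "http://2130706433/"},
    "b3": {"forward_url": "http://[::ffff:127.0.0.1]:8080/"}, "b4": {"forward_url": "http://intranet.example/admin"},
}
```

Run the same check again at the moment a request is actually forwarded, since a hostname can resolve differently between configuration time and forward time.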
### Configuration for Usage
To adapt this script for your own use, you may need to modify the following:
1. **`IP_Vuln_Server`**:
* Change the IP address and port `r'10.129.229.26:55555'` to match the target vulnerable Request Baskets server.
```python
IP_Vuln_Server = r'YOUR_TARGET_IP:PORT'
```
2. **Port Range for Scanning** (Optional):
* The script currently scans ports 75 through 81 (`range(75,82)`).
* Adjust this range in the `main()` function if you want to scan different or a wider set of internal ports.
```python
for i in range(START_PORT, END_PORT + 1):  # e.g., range(1, 65536) for all ports
    ConfBasketAndFetchResp(headers, i)
```
3. **`forward_url` in `ConfBasketAndFetchResp`** (Advanced/Specific Use Cases):
* By default, it targets `http://127.0.0.1:{port}/`.
* If you suspect other internal services on different paths or even other internal IP addresses reachable by the vulnerable server, you can modify the `forward_url` string. However, for the intended SSRF to scan `localhost`, `127.0.0.1` is usually correct.
```python
json_config = {
    "forward_url": f"http://TARGET_INTERNAL_IP:{port}/TARGET_PATH",
    # ... other parameters
}
```
Ensure you have the `requests` library installed (`pip install requests`). Use this PoC responsibly and only on systems you have explicit permission to test.