## https://sploitus.com/exploit?id=6808FB23-1224-5314-BBED-537742A9E382
# CVE-2023-30861 PoC (Proof of Concept)

> ⚠️ **WARNING**  
> This project is a Proof of Concept (PoC) for demonstrating CVE-2023-30861 in Flask.  
> **Do NOT run this on a publicly accessible environment.**  
> Exposure to the internet may lead to real-world exploitation.

---

## 📦 Project Overview

This PoC sets up a safe, local Docker environment to reproduce a vulnerability caused by improper session handling between Flask and a reverse proxy cache server.
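The session-handling flaw behind CVE-2023-30861 is a response that refreshes the session cookie without `Vary: Cookie`, so a caching proxy can store it and replay the `Set-Cookie` header to other clients. The following is an added defensive example, not code from this PoC repository: it audits response headers for that condition and repairs them in a WSGI middleware. `CookieCacheGuard`, `audit_headers`, and the sample app are hypothetical names, and the sample response is constructed.

```python
# Added example (not from the PoC repository). Standard library only.

def _tokens(headers, name):
    """Lower-cased directive names from every `name` header, e.g. {'public', 'max-age'}."""
    return {part.strip().lower().split("=")[0]
            for key, value in headers if key.lower() == name
            for part in value.split(",") if part.strip()}

def audit_headers(headers):
    """Findings for one response: a cookie is set but a shared cache may still store it."""
    if not any(key.lower() == "set-cookie" for key, _ in headers):
        return []
    findings = []
    if not _tokens(headers, "vary") & {"cookie", "*"}:
        findings.append("missing Vary: Cookie")
    if not _tokens(headers, "cache-control") & {"private", "no-store"}:
        findings.append("shared-cacheable Cache-Control")
    return findings

class CookieCacheGuard:
    """WSGI middleware (hypothetical name) that repairs what audit_headers() reports."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def guarded(status, headers, exc_info=None):
            findings = audit_headers(headers)
            if "shared-cacheable Cache-Control" in findings:
                headers = [h for h in headers if h[0].lower() != "cache-control"]
                headers.append(("Cache-Control", "private"))
            if "missing Vary: Cookie" in findings:
                headers = list(headers) + [("Vary", "Cookie")]
            return start_response(status, headers, exc_info)
        return self.app(environ, guarded)

def constructed_app(environ, start_response):
    """Constructed sample: refreshes a session cookie on a publicly cacheable response."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Cache-Control", "public, max-age=60"),
                              ("Set-Cookie", "session=CONSTRUCTED; HttpOnly; Path=/")])
    return [b"hello"]

def response_headers(app):
    """Call a WSGI app once and return the headers it passed to start_response."""
    seen = []
    body = app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"},
               lambda status, headers, exc_info=None: seen.extend(headers))
    list(body)
    return seen
```

Wrapping a Flask application as `app.wsgi_app = CookieCacheGuard(app.wsgi_app)` applies the guard to every response; `audit_headers` can also be run on headers captured at the proxy to find cookie-setting responses that are still cacheable.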


## 🚀 How to Use

### 1. Start

```bash
chmod u+x ./app_build.sh
./app_build.sh
```

### 2. Stop & Clean

```bash
docker compose rm -f
docker image prune -a
```

## 🧪 API Testing

See the `test.http` file for example HTTP requests. Use it to test and validate the PoC behavior with REST clients like VS Code REST Client or Postman.

## ✅ Recommended Execution Environment

- Docker & Docker Compose
- Linux/macOS (or WSL2 for Windows)
- Local-only network (no public IP or domain exposed)

## 💡 Note

This PoC is for educational and security research purposes only.
Do not use it for malicious activities.