### [CVE-2023-27163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27163)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

### POC

#### Reference
- http://packetstormsecurity.com/files/174128/Request-Baskets-1.2.1-Server-Side-Request-Forgery.html
- http://packetstormsecurity.com/files/174129/Maltrail-0.53-Remote-Code-Execution.html
- https://gist.github.com/b33t1e/3079c10c88cad379fb166c389ce3b7b3

#### Github
- https://github.com/0xFTW/CVE-2023-27163
- https://github.com/Aledangelo/Sau_Writeup
- https://github.com/Hamibubu/CVE-2023-27163
- https://github.com/HusenjanDev/CVE-2023-27163-AND-Mailtrail-v0.53
- https://github.com/JustKhal/HackTheBox-Sau
- https://github.com/KharimMchatta/basketcraft
- https://github.com/MasterCode112/CVE-2023-27163
- https://github.com/Rubioo02/CVE-2023-27163
- https://github.com/ThickCoco/CVE-2023-27163-POC
- https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
- https://github.com/cowsecurity/CVE-2023-27163
- https://github.com/davuXVI/CVE-2023-27163
- https://github.com/entr0pie/CVE-2023-27163
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/hadrian3689/requests-baskets_1.2.1
- https://github.com/josephberger/CVE-2023-27163
- https://github.com/madhavmehndiratta/CVE-2023-27163
- https://github.com/mathias-mrsn/request-baskets-v121-ssrf
- https://github.com/mathias-mrsn/sau
- https://github.com/nenandjabhata/CTFs-Journey
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/overgrowncarrot1/CVE-2023-27163
- https://github.com/rvizx/CVE-2023-27163
- https://github.com/samh4cks/CVE-2023-27163-InternalProber
- https://github.com/seanrdev/cve-2023-27163
- https://github.com/thomas-osgood/CVE-2023-27163