HTB_Labs:Sau
📰 Medium · Cybersecurity
Learn how to exploit a Server-Side Request Forgery (SSRF) vulnerability in Request-Baskets version 1.2.1 to access sensitive information
Action Steps
- Run an nmap scan to identify open ports and running services on a target machine
- Identify the version of Request-Baskets running on the target machine
- Exploit the SSRF vulnerability in Request-Baskets version 1.2.1 using the `/api/baskets/{name}` endpoint
- Use the `forward_url` parameter to interact with restricted internal network resources and access sensitive information
- Analyze the results of the exploit to identify potential security risks and vulnerabilities
Who Needs to Know This
This article is relevant to cybersecurity professionals and penetration testers who want to learn about exploiting SSRF vulnerabilities in web applications. It can help them improve their skills in identifying and exploiting vulnerabilities, and enhance their knowledge of web application security.
Key Insight
💡 SSRF vulnerabilities can be exploited to access sensitive information and interact with restricted internal network resources
Full Article
Title: HTB_Labs:Sau
URL Source: https://medium.com/@sethiuddhav/htb-labs-sau-6ddfd5bc1922?source=rss------cybersecurity-5
Published Time: 2026-06-19T05:59:26Z
# HTB_Labs:Sau. Enumeration | by Uddhav Sethi | Jun, 2026 | Medium
# HTB_Labs:Sau
[Uddhav Sethi](https://medium.com/@sethiuddhav?source=post_page---byline--6ddfd5bc1922---------------------------------------)
## Enumeration

I ran an nmap scan, which revealed SSH and a web service running.

Request-Baskets version 1.2.1 contains a critical Server-Side Request Forgery (SSRF) vulnerability via the `/api/baskets/{name}` endpoint. This flaw permits unauthenticated attackers to abuse the `forward_url` parameter, enabling them to interact with restricted internal network resources and access sensitive information.
Vulnerability Overview
* Vulnerability Type: Server-Side Request Forgery (SSRF)
* Affected Versions: `request-baskets <= 1.2.1`
* Assigned CVE: CVE-2023-27163
SSRF is cal
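The defensive counterpart to the `forward_url` flaw described above, as an added example that is not from the original article or from the Request-Baskets project: a Go check a server could apply to a basket configuration before it forwards anything. The function name `CheckForwardURL`, the injected resolver and the sample host names are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"net/url"
)

var errBlocked = errors.New("forward_url rejected")

// CheckForwardURL parses a basket config (only forward_url, the field named on
// this page) and rejects non-http(s) targets or hosts with non-public addresses.
// resolve is injected (hypothetical hook) so the check can run offline.
func CheckForwardURL(body []byte, resolve func(string) ([]net.IP, error)) error {
	var cfg struct {
		ForwardURL string `json:"forward_url"`
	}
	if err := json.Unmarshal(body, &cfg); err != nil {
		return fmt.Errorf("%w: bad JSON", errBlocked)
	}
	if cfg.ForwardURL == "" {
		return nil // no forwarding requested
	}
	u, err := url.Parse(cfg.ForwardURL)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Hostname() == "" {
		return fmt.Errorf("%w: unsupported URL", errBlocked)
	}
	ips := []net.IP{net.ParseIP(u.Hostname())}
	if ips[0] == nil { // not an IP literal, so resolve the name
		if ips, err = resolve(u.Hostname()); err != nil || len(ips) == 0 {
			return fmt.Errorf("%w: cannot resolve host", errBlocked)
		}
	}
	for _, ip := range ips { // every address must be public, not just the first
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
			ip.IsUnspecified() || ip.IsMulticast() {
			return fmt.Errorf("%w: %s is internal", errBlocked, ip)
		}
	}
	return nil
}

func main() {
	// Constructed sample: a resolver stub that answers with a private address.
	stub := func(string) ([]net.IP, error) { return []net.IP{net.ParseIP("10.0.0.5")}, nil }
	fmt.Println(CheckForwardURL([]byte(`{"forward_url":"http://intranet.example/"}`), stub))
}
```

A check at configuration time is only half of the control: the forwarder also has to connect to the address that was vetted and re-apply the check on redirects, otherwise a name that later resolves differently bypasses it.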