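Related vulnerability
Title:
aiohttp path traversal vulnerability
(CVE-2024-23334)
Description: aiohttp is an open-source asynchronous HTTP client/server framework for asyncio and Python. Versions of aiohttp before 3.9.2 contain a path traversal vulnerability: when follow_symlinks is set to True, no check is made that the file being read is located inside the root directory, which can lead to directory traversal.
Description
Exploit for CVE-2024-23334 (aiohttp >= 1.0.5 && <= 3.9.1)
Introduction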
# CVE-2024-23334 Exploit and PoC
This repository contains a Proof of Concept (PoC) exploit for CVE-2024-23334, demonstrating a vulnerability in a web application that allows unauthorized access to sensitive files on the server. The PoC includes a Dockerized web server and an exploit script to test for the vulnerability.
## Repository Structure
```plaintext
.
├── .gitattributes
├── .git/
├── Dockerfile
├── exploit.py
├── requirements.txt
├── server.py
├── static/
│ └── safe_file.txt
└── test.log
```
## Files and Directories
- **Dockerfile**: Docker configuration file to build and run the vulnerable web server.
- **exploit.py**: The exploit script that demonstrates how the vulnerability can be exploited to access sensitive files on the server.
- **server.py**: The vulnerable web server implemented using `aiohttp`.
- **requirements.txt**: List of Python dependencies required to run the server and exploit script.
- **static/**: Directory containing a safe file to serve as a placeholder for legitimate static content.
- **test.log**: Log file generated during testing (example content, not crucial for the exploit).
## Getting Started
### Prerequisites
- Docker
- Python 3.10+
- `pip` (Python package installer)
### Setup
1. **Clone the repository**
```bash
git clone https://github.com/binaryninja/CVE-2024-23334.git
cd CVE-2024-23334
```
2. **Build and Run the Docker Container**
```bash
docker build -t cve-2024-23334 .
docker run -p 8081:8081 cve-2024-23334
```
The server will start and be accessible at `http://localhost:8081`.
3. **Run the Exploit Script**
```bash
python exploit.py -s http://localhost:8081 -v -o results.json
```
This command runs the exploit script against the running server, with verbose output and results saved to `results.json`.
### Server.py
The `server.py` file sets up a vulnerable web server using `aiohttp`. The server exposes a static file directory and includes an endpoint `/` that returns a simple text response.
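
The vulnerability description says that with `follow_symlinks` set to True the file being read was not checked against the static root. The following is an added example (not code from this repository or from aiohttp) of such a containment check using only the standard library; `safe_static_path`, `demo` and the temporary directory tree are hypothetical names and constructed sample data.

```python
import os
import tempfile
from pathlib import Path


def safe_static_path(root: Path, requested: str, follow_symlinks: bool = False) -> Path:
    """Map a request path to a file under root, or raise ValueError."""
    root = root.resolve()
    unresolved = root.joinpath(requested.lstrip("/"))
    if follow_symlinks:
        # Collapse ".." lexically first, so the containment check runs on the
        # path the client asked for; symlinks inside root may still point out.
        normalized = Path(os.path.normpath(unresolved))
        normalized.relative_to(root)  # ValueError if outside root
        return normalized.resolve()
    # Symlinks not followed: the fully resolved target must be inside root.
    resolved = unresolved.resolve()
    resolved.relative_to(root)  # ValueError if outside root
    return resolved


def demo() -> dict:
    """Run the check on a constructed directory tree and report outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        static = base / "static"
        static.mkdir()
        (static / "safe_file.txt").write_text("static content\n")
        (base / "outside.txt").write_text("not for serving\n")  # constructed
        for name in ("safe_file.txt", "../outside.txt", "a/../../outside.txt"):
            for follow in (False, True):
                try:
                    safe_static_path(static, name, follow)
                    results[(name, follow)] = "served"
                except ValueError:
                    results[(name, follow)] = "rejected"
    return results


if __name__ == "__main__":
    for key, outcome in demo().items():
        print(key, outcome)
```

In a deployment, upgrading aiohttp to 3.9.2 or later and leaving `follow_symlinks` at its default of False for static routes addresses the issue described above.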
### Exploit.py
The `exploit.py` script sends requests to the server to test for the vulnerability. It attempts to access various sensitive files by traversing the directory structure using path manipulation techniques. The results, including any successfully accessed files and their contents, are logged and optionally saved to a JSON file.
### Example Usage
#### Build and Run the Docker Container
```bash
docker build -t cve-2024-23334 .
docker run -p 8081:8081 cve-2024-23334
```
#### Execute the Exploit Script
```bash
python exploit.py -s http://localhost:8081 -v -o results.json
```
#### Output
The script will output the results of the exploit attempts to the console and save detailed results in `results.json`.
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## Disclaimer
This repository is for educational purposes only. Use it at your own risk. The author is not responsible for any damage caused by the use or misuse of this software.
## Contributions
Contributions are welcome! Please submit a pull request or open an issue to discuss any changes.
File snapshot
[4.0K] /data/pocs/14cd6b5f20070d67a681c52c47f97b22ea67f17c
├── [ 431] Dockerfile
├── [7.5K] exploit.py
├── [3.1K] README.md
├── [ 15] requirements.txt
├── [ 634] server.py
└── [4.0K] static
└── [ 20] safe_file.txt
1 directory, 6 files