CVE-2024-23334 PoC — aiohttp 路径遍历漏洞

Source

Associated Vulnerability

Description

aiohttp LFI (CVE-2024-23334)

Readme

# CVE-2024-23334 PoC

## Description
This repository contains a Proof of Concept (PoC) for CVE-2024-23334, demonstrating how malicious actors can exploit vulnerabilities in aiohttp using LFI .

> [!CAUTION]
> Disclaimer: IMPORTANT: This PoC is for educational purposes only. Unauthorized access to computer systems and networks is illegal !!!

## Installation
1. Clone the repository:
   ```bash
   git clone https://github.com/jhonnybonny/CVE-2024-23334
   cd CVE-2024-23334
   python3 -m venv .env
   chmod +x ./.env/bin/activate
   source ./.env/bin/activate
   pip3 install -r requirements.txt
   ```
2.Start the server:
   ```bash
   python3 server.py
   ```
![Screenshot 2024-03-19 at 18 47 09](https://github.com/jhonnybonny/CVE-2024-23334/assets/87495218/2bb31fe4-2493-40d2-95b3-59744014fd1b)

3.Scanner:
   ```bash
   nuclei -t aiohttp.yaml -u http://localhost:8081
   ```
or
   ```bash
   nuclei -t aiohttp.yaml -l aiohttp.csv
   ```
![Screenshot 2024-03-19 at 18 41 07](https://github.com/jhonnybonny/CVE-2024-23334/assets/87495218/81d2ced7-b69f-4e53-9bf4-a200c61434d4)

3.Exploit:
   ```bash
   python3 exploit.py -s http://localhost:8081
   ```
![Screenshot 2024-03-19 at 18 45 47](https://github.com/jhonnybonny/CVE-2024-23334/assets/87495218/7d17ef82-2a5a-4198-9d49-5b569c38deaa)

File Snapshot

 [4.0K]  /data/pocs/f45a2e79d9dfbcde7d5273daa98f1ecb30cf1806
├── [ 819]  aiohttp.yaml
├── [1022]  exploit.py
├── [1.3K]  README.md
├── [  15]  requirements.txt
└── [ 637]  server.py

0 directories, 5 files

Remarks