CVE-2023-24329

The repository contains functional exploit code for CVE-2023-24329, demonstrating a URL parsing bypass in Python's urllib.parse before version 3.11.4. The PoC shows how leading whitespace in a URL can bypass blocked list checks due to incorrect normalization.

This repository contains a functional exploit PoC for CVE-2023-24329, demonstrating a parser differential vulnerability in Python's urllib.parse.urlparse() that allows bypass of URL scheme filters. The lab includes a vulnerable API, an internal service, and an attacker script to showcase local file read and SSRF attacks.

This repository demonstrates a URL parsing bypass in Python's urllib.parse (CVE-2023-24329) where leading whitespace in a URL circumvents blocked list checks. The PoC shows how a URL with leading spaces evades detection by urllib.parse.urlparse().geturl().

The repository contains a functional PoC for CVE-2023-24329, demonstrating a URL parsing vulnerability in Python's urllib.parse. The exploit shows how leading whitespace or '+' characters can bypass hostname blocking checks, potentially leading to SSRF.

This PoC demonstrates CVE-2023-24329, a Python urllib parsing flaw where leading spaces in URLs bypass blocklists for schemes and hostnames. It includes a functional exploit that checks Python version vulnerability and allows testing of bypass techniques.