CVE-2024-23334

This is a functional proof-of-concept exploit for CVE-2024-23334, demonstrating a directory traversal vulnerability in aiohttp when configured to serve static files with follow_symlinks=True. The script is designed for local testing and includes safety checks to prevent misuse.

This repository contains a functional PoC for CVE-2024-23334, demonstrating an LFI vulnerability in aiohttp via path traversal attacks. It includes an exploit script, a Nuclei template for detection, and a test server to validate the vulnerability.

This repository contains a functional proof-of-concept for CVE-2024-23334, a path traversal vulnerability in AioHTTP <= 3.9.1. The exploit script iteratively tests path traversal sequences to access sensitive files (e.g., /etc/passwd) via a vulnerable static file route.

The repository lacks actual exploit code and instead provides a basic aiohttp server setup with no clear demonstration of CVE-2024-23334. The README is vague and directs users to an external YouTube video for details, which is a common tactic in suspicious repos.

This repository contains a functional Python exploit for CVE-2024-23334, an LFI/path traversal vulnerability in aiohttp <= 3.9.1. The exploit leverages the `follow_symlinks=True` misconfiguration to traverse directories and read arbitrary files.

The repository contains a functional bash script that exploits a Local File Inclusion (LFI) vulnerability in aiohttp 3.9.1 by leveraging the 'follow_symlinks' option to bypass directory traversal restrictions. The script automates the process of sending payloads with increasing '../' sequences to access arbitrary files on the target system.

This repository contains a functional exploit for CVE-2024-23334, targeting a path traversal vulnerability in aiohttp's static file handling. The exploit collects domains from certstream, checks for vulnerable servers, and attempts to read /etc/passwd via crafted requests.

This repository contains a functional Bash script that automates Local File Inclusion (LFI) attacks on vulnerable aiohttp servers by exploiting CVE-2024-23334. The script uses directory traversal techniques to access arbitrary files on the system.

This repository contains a functional proof-of-concept for CVE-2024-23334, demonstrating a Local File Inclusion (LFI) vulnerability in aiohttp due to improper handling of symlinks in static file serving. The exploit uses path traversal techniques to access sensitive files like /etc/passwd.

The repository contains a functional exploit script for CVE-2024-23334, which appears to be a directory traversal vulnerability. The exploit uses a bash script to craft a malicious path and retrieve arbitrary files from the target server via a vulnerable endpoint.

The repository contains a functional exploit script for CVE-2024-23334, which appears to be a directory traversal vulnerability. The script uses a series of '../' sequences to access files outside the intended directory, suggesting an improper path sanitization issue in the target software.

The repository contains a functional exploit script for CVE-2024-23334, which appears to be a directory traversal vulnerability. The script uses a path traversal technique to access arbitrary files on the target system by manipulating the URL path.

This repository contains a functional Python-based PoC for CVE-2024-23334, a path traversal vulnerability. The exploit uses `curl` to send crafted HTTP requests with `../` sequences to access files outside the intended directory, targeting a local server on port 8081.

This repository contains a functional bash script that exploits a path traversal vulnerability in the aiohttp Python library (CVE-2024-23334). The script iteratively appends '../' sequences to a base URL to access sensitive files, such as SSH keys or system files, and retrieves their contents if a 200 OK response is received.

This repository contains a functional Python script that exploits CVE-2024-23334, a path traversal vulnerability in aiohttp versions ≥ 1.0.5 and < 3.9.2. The script sends a crafted HTTP request to retrieve arbitrary files from the server by manipulating the path parameter.

This repository contains a functional Python script that exploits a path traversal vulnerability in the AioHTTP library (versions <= 3.9.1). The script iteratively appends '../' sequences to a known public directory (e.g., '/static/') to access arbitrary files, such as '/etc/passwd'.

This repository contains a functional exploit PoC for CVE-2024-23334, demonstrating a directory traversal vulnerability in a web application. The exploit script attempts to access sensitive files on the server using path manipulation techniques, while the server.py file sets up a vulnerable web server using aiohttp.

This repository contains a functional proof-of-concept exploit for CVE-2024-23334, demonstrating path traversal and local file inclusion (LFI) in the aiohttp library. It includes a Dockerized environment, exploit scripts, and detailed steps to reproduce the vulnerability via symlink manipulation and ZIP file uploads.