Exploit for Path Traversal in Aiohttp CVE-2024-23334

## https://sploitus.com/exploit?id=679AAE24-9476-548E-816A-CC27F0117A7E
# CVE-2024-23334 PoC

## Description
This repository contains a Proof of Concept (PoC) for CVE-2024-23334, demonstrating how malicious actors can exploit vulnerabilities in aiohttp using LFI .

> [!CAUTION]
> Disclaimer: IMPORTANT: This PoC is for educational purposes only. Unauthorized access to computer systems and networks is illegal !!!

## Installation
1. Clone the repository:
   ```bash
   git clone https://github.com/jhonnybonny/CVE-2024-23334
   cd CVE-2024-23334
   python3 -m venv .env
   chmod +x ./.env/bin/activate
   source ./.env/bin/activate
   pip3 install -r requirements.txt
   ```
2.Start the server:
   ```bash
   python3 server.py
   ```
![Screenshot 2024-03-19 at 18 47 09](https://github.com/jhonnybonny/CVE-2024-23334/assets/87495218/2bb31fe4-2493-40d2-95b3-59744014fd1b)

3.Scanner:
   ```bash
   nuclei -t aiohttp.yaml -u http://localhost:8081
   ```
or
   ```bash
   nuclei -t aiohttp.yaml -l aiohttp.csv
   ```
![Screenshot 2024-03-19 at 18 41 07](https://github.com/jhonnybonny/CVE-2024-23334/assets/87495218/81d2ced7-b69f-4e53-9bf4-a200c61434d4)

3.Exploit:
   ```bash
   python3 exploit.py -s http://localhost:8081
   ```
![Screenshot 2024-03-19 at 18 45 47](https://github.com/jhonnybonny/CVE-2024-23334/assets/87495218/7d17ef82-2a5a-4198-9d49-5b569c38deaa)