Share
## https://sploitus.com/exploit?id=679AAE24-9476-548E-816A-CC27F0117A7E
# CVE-2024-23334 PoC
## Description
This repository contains a Proof of Concept (PoC) for CVE-2024-23334, demonstrating how malicious actors can exploit vulnerabilities in aiohttp using LFI .
> [!CAUTION]
> Disclaimer: IMPORTANT: This PoC is for educational purposes only. Unauthorized access to computer systems and networks is illegal !!!
## Installation
1. Clone the repository:
```bash
git clone https://github.com/jhonnybonny/CVE-2024-23334
cd CVE-2024-23334
python3 -m venv .env
chmod +x ./.env/bin/activate
source ./.env/bin/activate
pip3 install -r requirements.txt
```
2.Start the server:
```bash
python3 server.py
```
![Screenshot 2024-03-19 at 18 47 09](https://github.com/jhonnybonny/CVE-2024-23334/assets/87495218/2bb31fe4-2493-40d2-95b3-59744014fd1b)
3.Scanner:
```bash
nuclei -t aiohttp.yaml -u http://localhost:8081
```
or
```bash
nuclei -t aiohttp.yaml -l aiohttp.csv
```
![Screenshot 2024-03-19 at 18 41 07](https://github.com/jhonnybonny/CVE-2024-23334/assets/87495218/81d2ced7-b69f-4e53-9bf4-a200c61434d4)
3.Exploit:
```bash
python3 exploit.py -s http://localhost:8081
```
![Screenshot 2024-03-19 at 18 45 47](https://github.com/jhonnybonny/CVE-2024-23334/assets/87495218/7d17ef82-2a5a-4198-9d49-5b569c38deaa)