## https://sploitus.com/exploit?id=8E6925DF-57A1-57F0-89BC-D5C7DCF68390
# Intro
Python 3.11 through 3.11.4, there's a problem with the os.path.normpath() function where you can cut off the path unexpectedly with `normpath()`.
### What is `normpath()`?
*os.path.normpath()* method in Python is used to normalize the specified path. All redundant separator and up-level references are collapsed in the process of path normalization.
For example: A//B, A/B/, A/./B and A/foo/../B all will be normalized to A/B.
- [GeekforGeeks](https://www.geeksforgeeks.org/python-os-path-normpath-method/)
# PoC
Let's break down `example.py` to understand whats what
Importing the bult in function `path`.
```python
from os import path
```
normalizing the path but we add `\0` at first
```python
normalized_path = path.normpath('\0')
```
here we print the new path
```python
print(normalized_path)
```
and output will be
![image](https://github.com/JawadPy/CVE-2023-41105-Exploit/assets/98477272/4f684e43-21e4-47bc-9184-b12d22d6d2e9)
Now instead of using `\0` I will replace it with `\0\images\anything.png`
![image](https://github.com/JawadPy/CVE-2023-41105-Exploit/assets/98477272/3e7bbae4-75c0-4e8f-8aa5-4de5e563f264)
This directly switching the path to root path instead of normalize the specified path. It's for sure critical when it comes to websites and so on...
# Support
If you would like to support me with donation, I recommend you to give it to someone who really need it please. If you do so then consider that i earned your support.
<a href="https://www.buymeacoffee.com/jawadpy" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-green.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>