Share
## https://sploitus.com/exploit?id=EAD6959B-6285-5E2B-A919-E7FC78CA104A
# CVEโ€‘2024โ€‘23334 (Path Traversal) - PoC

I created this script to automate the exploitation of **CVEโ€‘2024โ€‘23334** on the Hack The Box [Chemistry](https://www.hackthebox.com/machines/chemistry) machine.

This vulnerability affects **aiohttp versions โ‰ฅ 1.0.5 and < 3.9.2** when the application is configured to serve static files with `follow_symlinks=True`, allowing remote directory traversal and unauthorized access to arbitrary files on the server.

![PoC](Images/Image1.png)

![PoC](Images/Image2.png)