
jhonnybonny/CVE-2024-23334


CVE-2024-23334 PoC

Description

This repository contains a Proof of Concept (PoC) for CVE-2024-23334, demonstrating how malicious actors can exploit a local file inclusion (LFI) vulnerability in aiohttp.

Caution

Disclaimer: IMPORTANT: This PoC is for educational purposes only. Unauthorized access to computer systems and networks is illegal!!!

Installation

  1. Clone the repository:
    git clone https://github.com/jhonnybonny/CVE-2024-23334
    cd CVE-2024-23334
    python3 -m venv .env
    chmod +x ./.env/bin/activate
    source ./.env/bin/activate
    pip3 install -r requirements.txt

  2. Start the server:
    python3 server.py


  3. Scanner:
    nuclei -t aiohttp.yaml -u http://localhost:8081

  or

    nuclei -t aiohttp.yaml -l aiohttp.csv


  4. Exploit:
    python3 exploit.py -s http://localhost:8081
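A defender-side check for your own code base, as an added example that is not part of this repository: it flags aiohttp static routes that enable `follow_symlinks` and compares the installed version against the fixed release. It assumes the upstream advisory's details (fix in aiohttp 3.9.2, precondition `follow_symlinks=True` on a static route), which this README does not state; the function names and the `SAMPLE` source are constructed for illustration.

```python
import ast
import re

FIXED = (3, 9, 2)  # assumption from the upstream advisory: first fixed aiohttp release


def version_tuple(version):
    """Parse '3.9.1' or '3.9.0rc0' into a comparable tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])


def risky_static_routes(source):
    """Return sorted (line, call_name) pairs for static routes enabling follow_symlinks."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
        if name not in ("add_static", "static"):
            continue
        for kw in node.keywords:
            if kw.arg != "follow_symlinks":
                continue
            # A literal False is safe; True or a runtime expression needs review.
            if not (isinstance(kw.value, ast.Constant) and kw.value.value is False):
                findings.append((node.lineno, name))
    return sorted(findings)


def audit(installed_version, source):
    """Exposed only when both hold: unpatched version and a flagged route."""
    routes = risky_static_routes(source)
    outdated = version_tuple(installed_version) < FIXED
    return {"outdated": outdated, "routes": routes, "exposed": outdated and bool(routes)}


# Constructed sample application source (not the repository's server.py).
SAMPLE = '''
from aiohttp import web
app = web.Application()
app.router.add_static("/assets/", "assets/")
app.router.add_static("/static/", "static/", follow_symlinks=True)
app.add_routes([web.static("/media", "media", follow_symlinks=FOLLOW)])
'''

if __name__ == "__main__":
    print(audit("3.9.1", SAMPLE))
```

Upgrading aiohttp and dropping `follow_symlinks=True` from any flagged route each remove one of the two conditions the audit reports.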


About

aiohttp LFI (CVE-2024-23334)
