A proof of concept of the LFI vulnerability on aiohttp 3.9.1. The option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system.
bash lfi.sh -u target_url -f File_to_Read
