CVE-2023-30547 PoC — vm2 注入漏洞

Source

https://github.com/junnythemarksman/CVE-2023-30547

Associated Vulnerability

Title:vm2 注入漏洞 (CVE-2023-30547)
Description:vm2是捷克Patrik Simek个人开发者的一个 Node.js 的高级虚拟机/沙盒。以使用列入白名单的 Node 内置模块运行不受信任的代码。 vm2 3.9.17之前版本存在注入漏洞，该漏洞源于异常清理存在漏洞，攻击者利用该漏洞可以引发未清理的主机异常，该异常可用于逃逸沙箱并在主机上下文中运行任意代码。

Readme

# CVE-2023-30547
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.

## Description
Python code for PoC in https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244.
Used in Codify HTB.

## Usage

```
usage: exploit.py [-h] [-u URL] [-p PORT] [-i IP]

description: Opens a reverse shell from a vm2 vulnerable website using a base64-encoded payload in JSON format

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     HTTP address of the destination website
  -p PORT, --port PORT  Port to listen on
  -i IP, --ip IP        Your IP address
```

File Snapshot


 [4.0K]  /data/pocs/2a1ba36632cab5bda5cd9a2691dffa5d0cabb7db
├── [2.1K]  exploit.py
└── [1.0K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!