CVE-2022-36067 PoC — vm2 安全漏洞

Source

https://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067

Associated Vulnerability

Title:vm2 安全漏洞 (CVE-2022-36067)
Description:vm2是捷克Patrik Simek个人开发者的一个 Node.js 的高级虚拟机/沙盒。以使用列入白名单的 Node 内置模块运行不受信任的代码。 vm2 3.9.11之前版本存在安全漏洞，攻击者利用该漏洞可以绕过沙盒保护以在运行沙盒的主机上获得远程代码执行权限。

Description

This repo contains payload for the CVE-2022-36067

Readme

# Exploit-For-CVE-2022-36067
This repo contains payload for the CVE-2022-36067

## How to exploit?
Paste the payload given in payload.js along with the command you want to run.

## Test on local machine.
To test on local machine, git clone the repo, install the dependecies and run app.js using node. 

#### If the application is vulnerable, the code will get executed successfully. If not, it will throw an error which would like this:
<code>TypeError: 
Cannot read properties of undefined (reading 'mainModule')
(Use `node --trace-uncaught ...` to show where the exception was thrown)</code>

File Snapshot


 [4.0K]  /data/pocs/3dae32da403fba2843c66a8ef1157e4a5839881d
├── [ 388]  app.js
├── [ 243]  package.json
├── [2.1K]  package-lock.json
├── [ 319]  payload.js
└── [ 595]  README.md

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!