Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-23346 PoC — pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string

Source
https://github.com/szyth/CVE-2024-23346-rust-exploit
Associated Vulnerability
Title:pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string (CVE-2024-23346)
Description:Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
Description
A Rust exploit for CVE-2024-23346 that functions as a "terminal" (tested on chemistry.htb)
Readme
A Rust exploitation script for CVE-2024-23346.

As shown below the POC uses the code injection vulnerability and runs remote shell commands like in a Terminal.


[poc.webm](https://github.com/user-attachments/assets/0d1e15d8-21c3-4c32-9ae2-8539461ca257)

---
Steps to run the exploit:
- Run directly with `Cargo`
    - `cargo run -- --help`
    - `cargo run -- --target http://10.10.11.38 --username "Admin" --password "Admin@123" --lhost 10.10.14.19`

OR

- Compile the Binary: `cargo build -r` (binary will be in `target/release/poc`)
- Run the Binary:
    - `./poc --help`
    - `./poc --target http://10.10.11.38 --username "Admin" --password "Admin@123" --lhost 10.10.14.19`


---
Exploit script is inspired from Python Scripting Expert [MAWK0235](https://github.com/MAWK0235)
File Snapshot

 [4.0K]  /data/pocs/5a760343e248f15aa3bb86e391662b9f58529977
├── [ 47K]  Cargo.lock
├── [ 324]  Cargo.toml
├── [4.0K]  file
│   └── [ 622]  poc.cif
├── [ 782]  README.md
└── [4.0K]  src
    └── [7.9K]  main.rs

2 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →