CVE-2024-28397 PoC — Js2Py 安全漏洞

来源

关联漏洞

Description

The CVE-2024-28397 vulnerability affects versions of js2py up to v0.74, a Python library that allows JavaScript code to be executed within the Python interpreter. 

介绍

# CVE-2024-28397 - js2py Sandbox Escape

## Description
The **CVE-2024-28397** vulnerability affects versions of **js2py** up to `v0.74`, a Python library that allows JavaScript code to be executed within the Python interpreter.  

The flaw is in the implementation of the `disable_pyimport()` method, which should prevent JavaScript code from accessing Python objects. However, due to a failure in the implementation, an attacker can circumvent this restriction and obtain references to Python objects within the JavaScript environment, allowing arbitrary code execution on host.

### Technical Details
- **Affected component:** `js2py.disable_pyimport()`  
- **Affected versions:** Up to `v0.74`  
- **CVE ID:** CVE-2024-28397  
- **CVSS v3.1:** 5.3 (Medium)  
- **CWE:** 94 (Improper Control of Code Generation)  

The vulnerability occurs because the `disable_pyimport()` method does not properly prevent access to Python objects from JavaScript code. This allows an attacker, even with protection enabled, to access Python objects and execute arbitrary commands on the system.

---

## How to Use

### Requirements
- PHP >= 7.x  
- Composer  
- PHP cURL extension enabled  
- Python application vulnerable to **CVE-2024-28397 (js2py <= v0.74)** running as target  

### Installation

**Clone the repository and install dependencies:**

### Installation
- Clone the repository and install dependencies:

```bash
git clone https://github.com/yourusername/exploit-js2py-CVE-2024-28397.git
cd exploit-js2py-CVE-2024-28397
composer install

文件快照

 [4.0K]  /data/pocs/ecf4aa83dd2aa91266d14f448f9bb4e3dc8e8335
├── [6.1K]  exploit_js2py.php
└── [1.5K]  README.md

0 directories, 2 files

备注