关联漏洞
标题:
vm2 注入漏洞
(CVE-2023-30547)
描述:vm2是捷克Patrik Simek个人开发者的一个 Node.js 的高级虚拟机/沙盒。以使用列入白名单的 Node 内置模块运行不受信任的代码。 vm2 3.9.17之前版本存在注入漏洞,该漏洞源于异常清理存在漏洞,攻击者利用该漏洞可以引发未清理的主机异常,该异常可用于逃逸沙箱并在主机上下文中运行任意代码。
介绍
# CVE-2023-30547
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
## Description
Python code for PoC in https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244.
Used in Codify HTB.
## Usage
```
usage: exploit.py [-h] [-u URL] [-p PORT] [-i IP]
description: Opens a reverse shell from a vm2 vulnerable website using a base64-encoded payload in JSON format
options:
-h, --help show this help message and exit
-u URL, --url URL HTTP address of the destination website
-p PORT, --port PORT Port to listen on
-i IP, --ip IP Your IP address
```
文件快照
[4.0K] /data/pocs/2a1ba36632cab5bda5cd9a2691dffa5d0cabb7db
├── [2.1K] exploit.py
└── [1.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。