GitHub - rvizx/CVE-2023-30547: PoC Exploit for VM2 Sandbox Escape Vulnerability

CVE-2023-30547

PoC Exploit for VM2 Sandbox Escape Vulnerability

Description

vm2 < 3.9.17 is vulnerable to arbitrary code execution due to a flaw in exception sanitization. Attackers can exploit this by triggering an unsanitized host exception within handleException(), enabling them to escape the sandbox and run arbitrary code in the host context.

VM2-Exploit

⚠️ Consider using the "VM2-Exploit" tool, which can be used to exploit all versions of VM2, and it's easy to use.

Indenfity whether the target is vulnerable

run this on the sandbox to find whether the target is vulnerable or not.

const version = require("vm2/package.json").version;

if (version < "3.9.17") {
    console.log("vulnerable!");
} else {
    console.log("not vulnerable");
}

Usage

git clone https://github.com/rvizx/CVE-2023-30547
cd CVE-2023-30547
python3 exploit.py

or

wget https://raw.githubusercontent.com/rvizx/CVE-2023-30547/main/exploit.py
python3 exploit.py

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

exploit.py

exploit.py

Repository files navigation

CVE-2023-30547

Description

VM2-Exploit

Indenfity whether the target is vulnerable

Usage

Credits

PoC and Analysis

Credits

About

Releases

Packages

Languages

rvizx/CVE-2023-30547

Folders and files

Latest commit

History

README.md

README.md

exploit.py

exploit.py

Repository files navigation

CVE-2023-30547

Description

VM2-Exploit

Indenfity whether the target is vulnerable

Usage

Credits

PoC and Analysis

Credits

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages