## https://sploitus.com/exploit?id=A7731F1E-FB5B-501E-A401-8C7167FCB1DB
# CVE-2024-28397 Exploit Automation
A Python automation script for exploiting the **js2py Sandbox Escape** vulnerability (CVE-2024-28397). This tool automates the payload generation and delivery process to achieve Remote Code Execution (RCE) on vulnerable instances.
โ ๏ธ Legal Disclaimer
Usage of this tool for attacking targets without prior mutual consent is illegal. This repository is for educational purposes only. The author is not responsible for any misuse of this information. This tool is intended to be used in authorized security assessments and Capture The Flag (CTF) environments.
## ๐ง About The Vulnerability
**CVE-2024-28397** affects the `js2py` library (versions -i -p
```
## ๐ธ Proof of Concept
Here is the tool in action against a vulnerable target (Hack The Box - CodeTwo):
### 1. Execution
Running the exploit to generate the payload and trigger the callback:
### 2. Success
Receiving the reverse shell on the listener:
## ๐ Credits
* **Vulnerability Discovery & Core JS Payload:** [Marven11](https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape)
* **Automation Script:** **L1337Xi**