Exploit for PyLoad 0.5.0 - Unauthenticated Remote Code Execution (CVE-2023-0297)

Description:

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here: CVE-2023-0297.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-0297.yaml

Try the exploit in a lab environment:

Lab: Hack The Box
Machine: PC
Link: Go to Practice

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-0297
https://www.exploit-db.com/exploits/51532
https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65/
http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html
http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html