CVE-2024-23346

This exploit leverages a Python code injection vulnerability in Pymatgen's CIF parser by embedding a reverse shell payload in a malicious CIF file. The payload abuses Python's class introspection to execute arbitrary commands when the file is parsed.

This repository contains a functional exploit for CVE-2024-23346, targeting a Remote Code Execution (RCE) vulnerability in the `pymatgen` library via a malicious CIF file upload. The exploit automates authentication, file upload, and command execution on the target system.

This repository contains a functional exploit for CVE-2024-23346, leveraging a malicious Crystallographic Information File (CIF) to achieve remote code execution (RCE) via Python code injection in the `_space_group_magn.transform_BNS_Pp_abc` field. The exploit targets a vulnerability in pymatgen, where arbitrary commands are executed when the CIF file is processed.

This repository contains a functional exploit for CVE-2024-23346, which leverages a malicious CIF file upload to achieve remote code execution (RCE) via a Python type confusion vulnerability in pymatgen. The exploit includes authentication, file upload, and payload triggering mechanisms.

This repository contains a functional exploit for CVE-2024-23346, leveraging a Python script to execute arbitrary commands on a vulnerable system. The exploit uses a crafted CIF file to trigger arbitrary code execution via Python's `__mro__` and `__subclasses__` manipulation, establishing a reverse shell to the attacker's machine.

This repository contains a functional Rust exploit for CVE-2024-23346, leveraging a code injection vulnerability in a web application to achieve remote command execution (RCE). The exploit authenticates, uploads a malicious CIF file with embedded payload, and establishes a reverse shell via netcat.