Microsoft Scripting Engine Type Confusion RCE

This repository provides a proof-of-concept (PoC) exploit for CVE-2025-30397, a critical Use-After-Free vulnerability in the JScript engine (jscript.dll) affecting Windows Server 2025 (build 25398 and prior) when accessed via Internet Explorer 11. The repository consists of three files: a LICENSE, a README.md with technical and usage details, and the main exploit script (exploit.py). The exploit.py script implements a simple Python HTTP server that serves a malicious HTML page containing heap-spraying JavaScript and shellcode. When a vulnerable system visits the provided URL (http://<attacker-ip>:8080/poc_cve_2025_30397.html) using IE11, the exploit triggers the vulnerability, resulting in remote code execution (demonstrated by launching calc.exe). The exploit is a functional PoC, not weaponized, and is intended for ethical testing and research. No hardcoded IPs or domains are present; the attacker must provide their own IP address when serving the exploit.

ChromSploit Framework is a modular, extensible exploitation and research platform focused on browser and server vulnerabilities. It provides operational exploit modules for several high-profile CVEs (including Chrome, Edge, Firefox, Tomcat, and Git), with a strong emphasis on safety: all exploits default to simulation mode, and real exploitation requires explicit authorization. The framework supports multi-stage browser exploit chains, advanced payload obfuscation, automated tunneling (ngrok), and C2 integration (Sliver, Metasploit). It includes a professional reporting system, live monitoring, and evidence collection. The repository is well-structured, with clear separation between core logic, modules, exploits, and documentation. Numerous endpoints are fingerprintable, including local HTTP servers for exploit delivery, OAuth phishing, and data exfiltration. The codebase is primarily Python, with supporting JavaScript, JSP, and shell scripts. This framework is suitable for advanced security research, red teaming, and educational demonstrations, but should only be used in authorized, isolated environments due to the presence of real exploit code (even though simulation is the default).