LivePerson is a popular platform for integrating live chat functions into your website. It also lets you create so-called 'AI-powered chatbots', i.e. bots that, when properly programmed and configured, can serve customers on their own and answer frequently asked questions. All of this is built with a tool called "Conversation Builder", which is available from a browser and runs on LivePerson's servers.
var response = botContext.getCurrentUserMessage();
botContext.sendImmediateReply('I think you said, ' + response);
After executing a special piece of code, I found it worth a closer look.
At this point, I started searching the internet to see if it is possible to "jump out" of or bypass such security to execute Java code, so that I would be able to execute commands on the host system. As it turns out, it was possible and it was not particularly complicated ;-)
Nashorn Sandbox was used here, which until version 0.1.19 had a bug that allowed this type of attack - sandbox escape.
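For defenders who embed the same library, the following added example (not code from the original post or from LivePerson) audits a Maven `pom.xml` for the sandbox dependency and flags versions that need review. It assumes that "Nashorn Sandbox" is the Maven artifact `delight-nashorn-sandbox`, and because the wording "until version 0.1.19" does not say whether 0.1.19 itself is affected, it conservatively flags that release too; the function names and the sample POM are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ARTIFACT = "delight-nashorn-sandbox"   # assumed Maven artifactId of "Nashorn Sandbox"
LAST_SUSPECT = (0, 1, 19)              # assumption: conservatively flag 0.1.19 as well

# Constructed sample pom.xml, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><sandbox.version>0.1.16</sandbox.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.javadelight</groupId>
      <artifactId>delight-nashorn-sandbox</artifactId>
      <version>${sandbox.version}</version>
    </dependency>
  </dependencies>
</project>"""

def _local(tag):
    """Strip the XML namespace so namespaced and plain POMs both match."""
    return tag.rsplit("}", 1)[-1]

def parse_version(text):
    """'0.1.16' or '0.1.16-SNAPSHOT' -> (0, 1, 16); None if not numeric."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def audit_pom(pom_text):
    """Return [(declared_version, verdict)] for each sandbox dependency."""
    root = ET.fromstring(pom_text)
    props = {_local(p.tag): (p.text or "").strip()
             for el in root.iter() if _local(el.tag) == "properties" for p in el}
    findings = []
    for dep in (el for el in root.iter() if _local(el.tag) == "dependency"):
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        if fields.get("artifactId") != ARTIFACT:
            continue
        raw = fields.get("version", "")
        # Resolve ${property} references declared in <properties>.
        resolved = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        ver = parse_version(resolved)
        # "unknown": version comes from a parent POM or an unresolved property.
        verdict = "unknown" if ver is None else ("review" if ver <= LAST_SUSPECT else "ok")
        findings.append((resolved, verdict))
    return findings

if __name__ == "__main__":
    for version, verdict in audit_pom(SAMPLE_POM):
        print(f"{ARTIFACT} {version or '(no version)'}: {verdict}")
```

An "unknown" verdict means the version could not be read from this file and has to be resolved from the effective POM instead.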
May 13, 2020 - report submitted to LivePerson.
May 14, 2020 - thanks for reporting the bug.