CVE-2019-16394 PoC — SPIP 信息泄露漏洞

Source

https://github.com/trungnd51/Silent_CVE_2019_16394

Associated Vulnerability

Title:SPIP 信息泄露漏洞 (CVE-2019-16394)
Description:SPIP是一套基于Web的内容发布系统。该系统主要用于在线协作。 SPIP 3.1.11之前版本和3.2.5之前的3.2版本中存在安全漏洞。攻击者可利用该漏洞枚举订阅者。

Description

Simple POC for CVE-2019-16394

Readme

# CVE-2019-16394

A simple POC python script of CVE-2019-16394

Script is adjusted for a french website, you may need to modify it if the website language is different.

## Install

```bash
pip install -r requirements.txt
```

## Usage

```bash
usage: cve_2019_16394.py [-h] -u URL -f FILE [-v]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base Target URL (without the spip.php)
  -f FILE, --file FILE  File containing the mails to test
  -v, --verbose         Verbose output
```

## Links

https://www.cvedetails.com/cve/CVE-2019-16394/
https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone

File Snapshot


 [4.0K]  /data/pocs/716b8ee1eb0c78a07fdde1ea0fbbd460054bd585
├── [1.8K]  cve_2019_16394.py
├── [ 658]  README.md
└── [  24]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!