关联漏洞
标题:
SPIP 安全漏洞
(CVE-2024-7954)
描述:SPIP是SPIP开源的一个用于创建 Internet 站点的免费软件。 SPIP存在安全漏洞,该漏洞源于容易受到任意代码执行漏洞的影响,远程未经身份验证的攻击者可以通过发送精心设计的HTTP请求以SPIP用户身份执行任意PHP。
描述
This exploit will attempt to execute system commands on SPIP targets.
介绍
# CVE-2024-7954
This exploit will attempt to execute system commands on SPIP targets (CVE-2024-7954).
## Overview
This is a bulk scanning and exploitation tool for CVE-2024-7954: SPIP 4.2.8 allows unauthenticated attackers to launch RCE on SPIP targets. This tool is based on this [Security Research](https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/).
## How to Use
### Install the script requirements:
```sh
pip install -r requirements.txt
```
### Options:
```sh
POC for SPIP 4.2.8 vulnerability
options:
-h, --help show this help message and exit
-u U Target URL, example http://target:9090
-f F File containing list of URLs (one per line)
-c C Command to execute on the target, default is id
```
## Contact
For any suggestions or thoughts, please get in touch with [me](https://x.com/MohamedNab1l).
## Disclaimer
I like to create my own tools for fun, work and educational purposes only. I do not support or encourage hacking or unauthorized access to any system or network. Please use my tools responsibly and only on systems where you have clear permission to test.
## References
- https://nvd.nist.gov/vuln/detail/CVE-2024-7954
- https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/
文件快照
[4.0K] /data/pocs/8b423035548cceed907e46187a947a1671edf60c
├── [6.3K] CVE-2024-7954.py
├── [1.3K] README.md
├── [ 18] requirements.txt
└── [4.0K] screens
└── [ 60K] screen.jpg
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。