关联漏洞
Description
SPIP Vulnerability Scanner - CVE-2023-27372 Detector
介绍
# CVE-2023-27372 SPIP < 4.2.1 - Remote Code Execution Vulnerability Scanner 🛡️💻
This Python utility pinpoints the CVE-2023-27372 flaw found in SPIP applications before version 4.2.1. Leveraging the remote code execution paradigm, it validates potential vulnerabilities. Its genesis is influenced by the path-breaking proof of concept by researcher nuts7, visible [here](https://github.com/nuts7/CVE-2023-27372). 🕵️♂️🔐
### Installation Steps 📥
1. Start by cloning the repository: `git clone https://github.com/Chocapikk/CVE-2023-27372` 📋
2. Delve into the repository's directory: `cd CVE-2023-27372` 📁
3. Fetch the requisite Python modules via pip: `pip install -r requirements.txt` 🐍
### Command & Control 💻
Launch the utility with: `python CVE-2023-27372.py [options]` 🖥️
Available options are:
* `-u` or `--url` : Specify the SPIP application's core URL 🌐
* `-v` or `--verbose` : Opt for detailed output. (Default is set to False) 📣
* `-l` or `--list` : Incorporate a file containing a range of SPIP application URLs 📃
* `-o` or `--output` : Channelize the results to a specified file 📝
* `--pages` : Determine the number of pages to scan when leveraging LeakIX via LeakPy.
* `--leakpy` : Engage the LeakIX integration for accumulating SPIP URLs.
For illustration: `python CVE-2023-27372.py -u <SPIP_URL> -v -o report.txt` 🔍
### Reconnaissance Method 🎯
For enthusiasts keen on uncovering potential SPIP platforms for vulnerability assessment, ZoomEye is an astute choice. Employ the following dork for this intent:
`zoomeye search "spip.php?page=" -num 2000 -filter=ip,port` 👀
Always bear in mind the research and academic inclination of this instrument. Prior consent is a prerequisite before deploying it on any site. 📚✅
### Ethical Note & Caution ⚠️
This tool's primary ambition is scholarly assessment and to assist users in gauging their own setups. Unauthorized deployments or inflicting intentional harm is stringently disapproved. Users must ensure they're in tune with local legal guidelines. The creators dissociate from any misapplications or legal contraventions. The integration with LeakIX through LeakPy aims to expedite the scanning chore by curating potential vulnerable URLs. Always validate your rights to access and assess the URLs you harness. 🚫🚨
文件快照
[4.0K] /data/pocs/c3db504562f421fd9e8ca14b8cbc7b9ba967e833
├── [8.2K] CVE-2023-27372.py
├── [2.3K] README.md
├── [ 112] requirements.txt
└── [3.7K] spip_oubli_param_rce.rb
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。