Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-8517 PoC — SPIP 安全漏洞

Source
https://github.com/saadhassan77/SPIP-BigUp-Unauthenticated-RCE-Exploit-CVE-2024-8517
Associated Vulnerability
Title:SPIP 安全漏洞 (CVE-2024-8517)
Description:SPIP是SPIP开源的一个用于创建 Internet 站点的免费软件。 SPIP 4.3.2、4.2.16和4.1.18之前版本存在安全漏洞,该漏洞源于命令注入问题,可能允许远程未经身份验证的攻击者通过发送特制的多部分文件上传HTTP请求来执行任意操作系统命令。
Description
This Python exploit targets a critical unauthenticated Remote Code Execution (RCE) vulnerability in the BigUp plugin of SPIP CMS (≤ 4.3.1, 4.2.15, 4.1.17). It abuses the bigup_retrouver_fichiers parameter, allowing attackers to execute arbitrary PHP via upload progress features, without authentication.
File Snapshot

 [4.0K]  /data/pocs/d072643a41774f72aa8f59223188659b2f1f9078
├── [5.7K]  exploit.py
├── [1.0K]  LICENSE
└── [1.6K]  Readme.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.