Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-42007 PoC — SPX 安全漏洞

Source
https://github.com/BubblyCola/CVE_2024_42007
Associated Vulnerability
Title:SPX 安全漏洞 (CVE-2024-42007)
Description:SPX是Sylvain L.个人开发者的一个简单的 PHP 分析器。 SPX (php-spx) 0.4.15版本及之前版本存在安全漏洞。攻击者利用该漏洞可以读取任意文件。
Description
Python exploit for CVE-2024-42007 — a path traversal vulnerability in php-spx <= 0.4.15 that allows arbitrary file read via SPX_UI_URI parameter.
Readme
# CVE-2024-42007 - php-spx Path Traversal Exploit

This repository contains a Python 3 proof-of-concept (PoC) script for CVE-2024-42007.

**Vulnerability Summary:**
> php-spx <= 0.4.15 suffers from a path traversal vulnerability via the `SPX_UI_URI` parameter, allowing unauthenticated attackers to read arbitrary files from the server.

## 🚀 Usage
python3 CVE_2024_42007.py -t http://target -f /etc/passwd
File Snapshot

 [4.0K]  /data/pocs/f91d9fbfe8d278890ea549f8aa69560a7ae5e23a
├── [1.7K]  CVE_2024_42007.py
└── [ 410]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.