CVE-2023-27372

Published: 28/02/2023 Updated: 21/06/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

SPIP prior to 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Vulnerable Product

spip spip 4.2.0

spip spip

debian debian linux 11.0

Vendor Advisories

It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code. For the stable distribution (bullseye), this problem has been fixed in version 3.2.11-3+deb11u7. We recommend that you upgrade your spip packages. For the detailed security status of spip please refer to its security tracker page at ...

Exploits

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Exploit Title: SPIP v4.2.1 - Remote Code Execution (Unauthenticated)
# Google Dork: inurl:"/spip.php?page=login"
# Date: 19/06/2023
# Exploit Author: nuts7 (github.com/nuts7/CVE-2023-27372)
# Vendor Homepage: www.spip.net/
# Software Link: files.spip.net/spip/archives/
# Vers ...
SPIP versions 4.2.1 and below suffer from an unauthenticated remote code execution vulnerability ...

Github Repositories

Perform With Mass Remote Code Execution In SPIP Version (4.2.1)

CVE-2023-27372. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are below 3.2.18, below 4.0.10, below 4.1.18 and below 4.2.1. Screenshot. Requirements: Python 3.7+. Supported Os: Linuxer, Wingays. Get start with $ git clone

This is a PoC for CVE-2023-27372 and spawns a fully interactive shell.

This is a proof of concept. CVE-2023-27372 SPIP RCE vulnerability. It's a deserialization flaw which exploits the dangerous use of #ENV tag during the reset password feature (spip.php?page=spip_pass) within /ecrire/balise/formulaire_.php. Specifically this line: Syntax: python3 exploit.py -u http(s)://url.com function protege_champ($texte){ if (is_array($texte)) $texte

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

CVE-2023-27372. SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. This PoC exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Br

CVE-2023-27372-SPIP-CMS-Bypass

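CVE-2023-27372-POC. Overview: this code is a Python POC (Proof of Concept) for detecting whether a target website is affected by the CVE-2023-27372 vulnerability. You can run it by providing a single URL or a text file containing multiple URLs. Affected versions: SPIP < 4.2.1. Testing showed that some websites disable phpinfo output or functions such as system, so to get accurate results it is best combined with manual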

This is a PoC for CVE-2023-27372 which spawns a fully interactive shell.

This PoC was written quickly, it's nothing special. This exploits the new CVE-2023-27372 SPIP RCE vulnerability. It's a deserialization flaw which exploits the dangerous use of #ENV tag during the reset password feature (spip.php?page=spip_pass) within "/ecrire/balise/formulaire_.php". Specifically this line: Syntax: python3 exploit.py -u http(s)://url.com func

SPIP Vulnerability Scanner - CVE-2023-27372 Detector

CVE-2023-27372 SPIP < 4.2.1 - Remote Code Execution Vulnerability Scanner 🛡️💻 This Python utility pinpoints the CVE-2023-27372 flaw found in SPIP applications before version 4.2.1. Leveraging the remote code execution paradigm, it validates potential vulnerabilities. Its genesis is influenced by the path-breaking proof of concept by researcher nuts7, visible here