CVE-2024-7954

This exploit will attempt to execute system commands on SPIP targets (CVE-2024-7954).

Overview

This is a bulk scanning and exploitation tool for CVE-2024-7954: SPIP 4.2.8 allows unauthenticated attackers to launch RCE on SPIP targets. This tool is based on this Security Research.

How to Use

Install the script requirements:

pip install -r requirements.txt

Options:

POC for SPIP 4.2.8 vulnerability

options:
  -h, --help  show this help message and exit
  -u U        Target URL, example http://target:9090
  -f F        File containing list of URLs (one per line)
  -c C        Command to execute on the target, default is id

Contact

For any suggestions or thoughts, please get in touch with me.

Disclaimer

I like to create my own tools for fun, work and educational purposes only. I do not support or encourage hacking or unauthorized access to any system or network. Please use my tools responsibly and only on systems where you have clear permission to test.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-7954
https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

CVE-2024-7954

Overview

How to Use

Install the script requirements:

Options:

Contact

Disclaimer

References

Files

README.md

Latest commit

History

README.md

File metadata and controls

CVE-2024-7954

Overview

How to Use

Install the script requirements:

Options:

Contact

Disclaimer

References