CVE-2023-27372 SPIP < 4.2.1 - Remote Code Execution Vulnerability Scanner π‘οΈπ»
This Python script scans for the CVE-2023-27372 vulnerability in SPIP applications under version 4.2.1. It uses the remote code execution model to test for the vulnerability. π΅οΈββοΈπ
Installation π₯
To install this script, follow these steps:
-
Clone this repository:
git clone https://github.com/Chocapikk/CVE-2023-27372π -
Navigate into the project directory:
cd CVE-2023-27372π -
Install necessary Python packages using pip:
pip install -r requirements.txtπ
Usage π»
To use the script, you can run the following command: python CVE-2023-27372.py [arguments] π₯οΈ
The arguments that can be used are:
-uor--url: Provide the SPIP application base URL π-vor--verbose: Enable verbose mode. (default: False) π£-lor--list: Provide a file with a list of SPIP application base URLs π-oor--output: Write the output to a file π
An example of usage: python CVE-2023-27372.py -u <SPIP_URL> -v -o output.txt π
Dork π―
For finding potential SPIP websites that could be tested for the vulnerability, the ZoomEye search engine can be used with the following dork:
zoomeye search "spip.php?page=" -num 2000 -filter=ip,port π
Please note that this is meant for research and educational purposes. Do not use it on websites without obtaining proper permissions. πβ
Disclaimer β οΈ
This tool is intended for academic purposes and testing your own systems for these vulnerabilities. Do not use it to cause harm or without proper authorization from the owner of the target system. The user of this software is solely responsible for obeying local laws and regulations. The authors are not liable for any damage or violations caused by this tool. π«π¨