Share
## https://sploitus.com/exploit?id=BB8648E9-3FBA-536E-9966-E6C298DBB57C
# CVE-2023-27372 SPIP < 4.2.1 - Remote Code Execution Vulnerability Scanner ๐Ÿ›ก๏ธ๐Ÿ’ป

This Python utility pinpoints the CVE-2023-27372 flaw found in SPIP applications before version 4.2.1. Leveraging the remote code execution paradigm, it validates potential vulnerabilities. Its genesis is influenced by the path-breaking proof of concept by researcher nuts7, visible [here](https://github.com/nuts7/CVE-2023-27372). ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ”

### Installation Steps ๐Ÿ“ฅ

1. Start by cloning the repository: `git clone https://github.com/Chocapikk/CVE-2023-27372` ๐Ÿ“‹
2. Delve into the repository's directory: `cd CVE-2023-27372` ๐Ÿ“
3. Fetch the requisite Python modules via pip: `pip install -r requirements.txt` ๐Ÿ

### Command & Control ๐Ÿ’ป

Launch the utility with: `python CVE-2023-27372.py [options]` ๐Ÿ–ฅ๏ธ

Available options are:

* `-u` or `--url` : Specify the SPIP application's core URL ๐ŸŒ
* `-v` or `--verbose` : Opt for detailed output. (Default is set to False) ๐Ÿ“ฃ
* `-l` or `--list` : Incorporate a file containing a range of SPIP application URLs ๐Ÿ“ƒ
* `-o` or `--output` : Channelize the results to a specified file ๐Ÿ“
* `--pages` : Determine the number of pages to scan when leveraging LeakIX via LeakPy.
* `--leakpy` : Engage the LeakIX integration for accumulating SPIP URLs.

For illustration: `python CVE-2023-27372.py -u <SPIP_URL> -v -o report.txt` ๐Ÿ”

### Reconnaissance Method ๐ŸŽฏ

For enthusiasts keen on uncovering potential SPIP platforms for vulnerability assessment, ZoomEye is an astute choice. Employ the following dork for this intent:

`zoomeye search "spip.php?page=" -num 2000 -filter=ip,port` ๐Ÿ‘€

Always bear in mind the research and academic inclination of this instrument. Prior consent is a prerequisite before deploying it on any site. ๐Ÿ“šโœ…

### Ethical Note & Caution โš ๏ธ

This tool's primary ambition is scholarly assessment and to assist users in gauging their own setups. Unauthorized deployments or inflicting intentional harm is stringently disapproved. Users must ensure they're in tune with local legal guidelines. The creators dissociate from any misapplications or legal contraventions. The integration with LeakIX through LeakPy aims to expedite the scanning chore by curating potential vulnerable URLs. Always validate your rights to access and assess the URLs you harness. ๐Ÿšซ๐Ÿšจ