.png)
2 months ago
41 BOOK THIS SPACE FOR AD
ARTICLE AD
## https://sploitus.com/exploit?id=38CBFAC4-842A-5A70-B9E7-40B182B06134
# CVE-2024-7954
This exploit will attempt to execute system commands on SPIP targets (CVE-2024-7954).
## Overview
This is a bulk scanning and exploitation tool for CVE-2024-7954: SPIP 4.2.8 allows unauthenticated attackers to launch RCE on SPIP targets. This tool is based on this [Security Research](https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/).
## How to Use
### Install the script requirements:
```sh
pip install -r requirements.txt
```
### Options:
```sh
POC for SPIP 4.2.8 vulnerability
options:
-h, --help show this help message and exit
-u U Target URL, example http://target:9090
-f F File containing list of URLs (one per line)
-c C Command to execute on the target, default is id
```
## Contact
For any suggestions or thoughts, please get in touch with [me](https://x.com/MohamedNab1l).
## Disclaimer
I like to create my own tools for fun, work and educational purposes only. I do not support or encourage hacking or unauthorized access to any system or network. Please use my tools responsibly and only on systems where you have clear permission to test.
## References
- https://nvd.nist.gov/vuln/detail/CVE-2024-7954
- https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/
Bengali (Bangladesh) · 
English (United States) ·