{"id":22799892,"url":"https://github.com/chocapikk/cve-2023-27372","last_synced_at":"2025-07-13T04:40:06.624Z","repository":{"id":176553392,"uuid":"658452469","full_name":"Chocapikk/CVE-2023-27372","owner":"Chocapikk","description":"SPIP Vulnerability Scanner - CVE-2023-27372 Detector","archived":false,"fork":false,"pushed_at":"2023-09-16T23:13:58.000Z","size":14,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-20T17:18:17.220Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Chocapikk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-25T19:30:08.000Z","updated_at":"2025-02-25T05:50:15.000Z","dependencies_parsed_at":"2024-12-12T07:10:18.031Z","dependency_job_id":"13b0e066-26fa-4ec4-8928-42ad84ce6ffe","html_url":"https://github.com/Chocapikk/CVE-2023-27372","commit_stats":null,"previous_names":["chocapikk/cve-2023-27372"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Chocapikk/CVE-2023-27372","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-27372","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-27372/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-27372/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-27372/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Chocapikk","download_url":"https://codeload.github.com/Chocapikk/CVE-2023-27372/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-27372/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263245253,"owners_count":23436510,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-12T07:10:10.198Z","updated_at":"2025-07-03T02:05:26.972Z","avatar_url":"https://github.com/Chocapikk.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2023-27372 SPIP \u003c 4.2.1 - Remote Code Execution Vulnerability Scanner 🛡️💻\n\nThis Python utility pinpoints the CVE-2023-27372 flaw found in SPIP applications before version 4.2.1. Leveraging the remote code execution paradigm, it validates potential vulnerabilities. Its genesis is influenced by the path-breaking proof of concept by researcher nuts7, visible [here](https://github.com/nuts7/CVE-2023-27372). 🕵️‍♂️🔐\n\n### Installation Steps 📥\n\n1. Start by cloning the repository: `git clone https://github.com/Chocapikk/CVE-2023-27372` 📋\n2. Delve into the repository's directory: `cd CVE-2023-27372` 📁\n3. Fetch the requisite Python modules via pip: `pip install -r requirements.txt` 🐍\n\n### Command \u0026 Control 💻\n\nLaunch the utility with: `python CVE-2023-27372.py [options]` 🖥️\n\nAvailable options are:\n\n* `-u` or `--url` : Specify the SPIP application's core URL 🌐\n* `-v` or `--verbose` : Opt for detailed output. (Default is set to False) 📣\n* `-l` or `--list` : Incorporate a file containing a range of SPIP application URLs 📃\n* `-o` or `--output` : Channelize the results to a specified file 📝\n* `--pages` : Determine the number of pages to scan when leveraging LeakIX via LeakPy.\n* `--leakpy` : Engage the LeakIX integration for accumulating SPIP URLs.\n\nFor illustration: `python CVE-2023-27372.py -u \u003cSPIP_URL\u003e -v -o report.txt` 🔍\n\n### Reconnaissance Method 🎯\n\nFor enthusiasts keen on uncovering potential SPIP platforms for vulnerability assessment, ZoomEye is an astute choice. Employ the following dork for this intent:\n\n`zoomeye search \"spip.php?page=\" -num 2000 -filter=ip,port` 👀\n\nAlways bear in mind the research and academic inclination of this instrument. Prior consent is a prerequisite before deploying it on any site. 📚✅\n\n### Ethical Note \u0026 Caution ⚠️\n\nThis tool's primary ambition is scholarly assessment and to assist users in gauging their own setups. Unauthorized deployments or inflicting intentional harm is stringently disapproved. Users must ensure they're in tune with local legal guidelines. The creators dissociate from any misapplications or legal contraventions. The integration with LeakIX through LeakPy aims to expedite the scanning chore by curating potential vulnerable URLs. Always validate your rights to access and assess the URLs you harness. 🚫🚨\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fcve-2023-27372","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchocapikk%2Fcve-2023-27372","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fcve-2023-27372/lists"}