Rapid7 Vulnerability & Exploit Database

SPIP form PHP Injection

Back to Search

SPIP form PHP Injection

Disclosed
02/27/2023
Created
04/18/2023

Description

This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are <3.2.18, <4.0.10, <4.1.18 and <4.2.1.

Author(s)

  • coiffeur
  • Laluka
  • Julien Voisin

Platform

Linux,PHP,Unix

Architectures

php, cmd

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/unix/webapp/spip_rce_form
msf exploit(spip_rce_form) > show targets
    ...targets...
msf exploit(spip_rce_form) > set TARGET < target-id >
msf exploit(spip_rce_form) > show options
    ...show and set options...
msf exploit(spip_rce_form) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;