Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-16394 PoC — SPIP 信息泄露漏洞

Source
https://github.com/trungnd51/Silent_CVE_2019_16394
Associated Vulnerability
Title:SPIP 信息泄露漏洞 (CVE-2019-16394)
Description:SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
Description
Simple POC for CVE-2019-16394
Readme
# CVE-2019-16394

A simple POC python script of CVE-2019-16394

Script is adjusted for a french website, you may need to modify it if the website language is different.

## Install

```bash
pip install -r requirements.txt
```

## Usage

```bash
usage: cve_2019_16394.py [-h] -u URL -f FILE [-v]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base Target URL (without the spip.php)
  -f FILE, --file FILE  File containing the mails to test
  -v, --verbose         Verbose output
```

## Links

https://www.cvedetails.com/cve/CVE-2019-16394/
https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone
File Snapshot

 [4.0K]  /data/pocs/716b8ee1eb0c78a07fdde1ea0fbbd460054bd585
├── [1.8K]  cve_2019_16394.py
├── [ 658]  README.md
└── [  24]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →