Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2024-27115 PoC — Remote Code Execution through File Upload in SOPlanning before 1.52.02

Source
https://github.com/theexploiters/CVE-2024-27115-Exploit
Associated Vulnerability
Title:Remote Code Execution through File Upload in SOPlanning before 1.52.02 (CVE-2024-27115)
Description:A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.
Description
Exploit For SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
Readme
# SOPlanning 1.52.01 - Remote Code Execution (RCE) (Authenticated)

## Exploit Details

- **Exploit Title**: SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- **Date**: 6th October, 2024
- **Exploit Author**: Ardayfio Samuel Nii Aryee
- **Version**: 1.52.01
- **Tested on**: Ubuntu

## Description

This repository contains an exploit for a Remote Code Execution (RCE) vulnerability in SOPlanning version 1.52.01. The exploit allows authenticated users to upload a malicious PHP file and execute arbitrary commands on the server.

## Usage

### Prerequisites

- Python 3.x
- `requests` library (Install with `pip install requests`)

### Exploit Instructions

1. Clone this repository:
   ```bash
   git clone https://github.com/TheExploiters/SOPlanning-RCE-1.52.01.git
   cd SOPlanning-RCE-1.52.01
   ```

2. Run the exploit script:
   ```bash
   python3 SOPlanning-1.52.01-RCE-Exploit.py -t <target> -u <user> -p <pass>
   ```

   Replace `http://example.com:9090` with the target URL, `admin` with the username, and `admin` with the password.

3. After successful execution, access the web shell:
   ```
   Access webshell here: http://example.com/upload/files/{link_id}/{php_filename}?cmd=<command>
   ```

4. To use the interactive shell, respond with `yes` when prompted.

### Command Example

```bash
python3 SOPlanning-1.52.01-RCE-Exploit.py -t <target> -u <user> -p <pass>
```

## Disclaimer

This exploit was authored by Ardayfio Samuel Nii Aryee and is provided for educational purposes only. The author and repository owner are not responsible for any misuse or damage caused. Ensure you have explicit permission before testing this exploit on any system.



![Repo View Counter](https://profile-counter.glitch.me/SOPlanning-1.52.01-RCE-Exploit/count.svg)
File Snapshot

 [4.0K]  /data/pocs/81494e511b0c326f57c6ea7ff642f423da280007
├── [1.8K]  README.md
└── [2.6K]  SOPlanning-1.52.01-RCE-Exploit.py

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →