CVE-2017-16666

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-16666. PoCs published by Mehmet Ince, Mehmet Ince <[email protected]>, including Metasploit module exploits/linux/http/xplico_exec.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated remote code execution vulnerability in Xplico by registering a new user, activating it via a predictable token, and injecting commands through a PCAP file upload feature.

Description

Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · rubyremotelinux

https://www.exploit-db.com/exploits/43430

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Xplico by registering a new user, activating it via a predictable token, and injecting commands through a PCAP file upload feature.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Xplico (version not specified)

No auth needed

Prerequisites: Network access to Xplico's web interface (default port 9876) · Xplico installation with default or vulnerable configuration

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Mehmet Ince <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/xplico_exec.rb