一、 漏洞 CVE-2024-4577 基础信息
漏洞信息
# PHP-CGI的参数注入漏洞
## 漏洞概述
在特定版本的PHP中,当使用Apache和PHP-CGI在Windows系统上运行时,如果系统设置使用某些代码页,Windows可能采用“Best-Fit”行为来替换命令行中传递给Win32 API函数的字符。这可能导致PHP CGI模块误将这些字符解释为PHP选项,从而使恶意用户能够向运行的PHP二进制文件传递选项,进而可能泄露脚本源代码或在服务器上执行任意PHP代码。
## 影响版本
- PHP 8.1.x 版本:8.1.0至8.1.28
- PHP 8.2.x 版本:8.2.0至8.2.19
- PHP 8.3.x 版本:8.3.0至8.3.7
## 细节
当系统配置使用某些代码页时,Windows会采用"Best-Fit"策略来替换传递给Win32 API函数中的字符。这可能导致PHP CGI模块将某些字符误判为PHP选项。恶意用户可通过这种方式向PHP二进制文件传递额外选项,从而对服务器进行进一步攻击。
## 影响
- 泄露脚本源代码
- 在服务器上执行任意PHP代码
神龙判断
是否为 Web 类漏洞: 未知
判断理由:
N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Argument Injection in PHP-CGI
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
来源:美国国家漏洞数据库 NVD
漏洞标题
PHP 操作系统命令注入漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
PHP是一种在服务器端执行的脚本语言。 PHP存在操作系统命令注入漏洞,该漏洞源于在特定条件下,Windows系统使用“Best-Fit”行为替换命令行中的字符,这可能导致PHP CGI模块错误地将这些字符解释为PHP选项,从而泄露脚本的源代码,在服务器上运行任意PHP代码等。以下版本受到影响:8.1至8.1.29之前版本,8.3至8.3.8之前版本,8.2至8.2.20之前版本。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
授权问题
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-4577 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | CVE-2024-4577 is a critical vulnerability in PHP affecting CGI configurations, allowing attackers to execute arbitrary commands via crafted URL parameters. | https://github.com/TAM-K592/CVE-2024-4577 | POC详情 |
| 2 | CVE-2024-4577 | https://github.com/ohhhh693/CVE-2024-4577 | POC详情 |
| 3 | PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC | https://github.com/Junp0/CVE-2024-4577 | POC详情 |
| 4 | None | https://github.com/princew88/CVE-2024-4577 | POC详情 |
| 5 | POC & $BASH script for CVE-2024-4577 | https://github.com/11whoami99/CVE-2024-4577 | POC详情 |
| 6 | PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC | https://github.com/watchtowrlabs/CVE-2024-4577 | POC详情 |
| 7 | CVE-2024-4577 | https://github.com/zjhzjhhh/CVE-2024-4577 | POC详情 |
| 8 | None | https://github.com/huseyinstif/CVE-2024-4577-Nuclei-Template | POC详情 |
| 9 | None | https://github.com/taida957789/CVE-2024-4577 | POC详情 |
| 10 | None | https://github.com/Wh02m1/CVE-2024-4577 | POC详情 |
| 11 | Nuclei Template for CVE-2024-4577 | https://github.com/Sysc4ll3r/CVE-2024-4577 | POC详情 |
| 12 | None | https://github.com/WanLiChangChengWanLiChang/CVE-2024-4577-RCE-EXP | POC详情 |
| 13 | None | https://github.com/Yukiioz/CVE-2024-4577 | POC详情 |
| 14 | CVE-2024-4577 nuclei-templates | https://github.com/0x20c/CVE-2024-4577-nuclei | POC详情 |
| 15 | Proof Of Concept RCE exploit for critical vulnerability in PHP <8.2.15 (Windows), allowing attackers to execute arbitrary commands. | https://github.com/manuelinfosec/CVE-2024-4577 | POC详情 |
| 16 | CVE-2024-4577 Exploit POC | https://github.com/zomasec/CVE-2024-4577 | POC详情 |
| 17 | PoC for CVE-2024-4577 written in bash, go, python and a nuclei template | https://github.com/ZephrFish/CVE-2024-4577-PoC | POC详情 |
| 18 | PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template | https://github.com/ZephrFish/CVE-2024-4577-PHP-RCE | POC详情 |
| 19 | [漏洞复现] 全球首款利用PHP默认环境的CVE-2024-4577 PHP-CGI RCE 漏洞 EXP,共享原创EXP,支持SSRF,支持绕过WAF。The world's first CVE-2024-4577 PHP-CGI RCE exploit utilizing the default PHP environment. Sharing original exploit, supports SSRF, supports WAF bypass. | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE | POC详情 |
| 20 | python poc编写练手,可以对单个目标或批量检测 | https://github.com/dbyMelina/CVE-2024-4577 | POC详情 |
| 21 | PHP CGI Argument Injection vulnerability | https://github.com/Chocapikk/CVE-2024-4577 | POC详情 |
| 22 | A PoC exploit for CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution (RCE) | https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT | POC详情 |
| 23 | Bash script that checks if a PHP CGI setup is vulnerable to the CVE-2024-4577 argument injection vulnerability | https://github.com/it-t4mpan/check_cve_2024_4577.sh | POC详情 |
| 24 | This is a PoC for PHP CVE-2024-4577. | https://github.com/bl4cksku11/CVE-2024-4577 | POC详情 |
| 25 | php-cgi RCE快速检测 | https://github.com/nemu1k5ma/CVE-2024-4577 | POC详情 |
| 26 | CVE-2024-4577 | https://github.com/aaddmin1122345/CVE-2024-4577-POC | POC详情 |
| 27 | POC for CVE-2024-4577 with Shodan integration | https://github.com/d3ck4/Shodan-CVE-2024-4577 | POC详情 |
| 28 | None | https://github.com/Entropt/CVE-2024-4577_Analysis | POC详情 |
| 29 | None | https://github.com/XiangDongCJC/CVE-2024-4577-PHP-CGI-RCE | POC详情 |
| 30 | None | https://github.com/hexedbyte/cve-2024-4577 | POC详情 |
| 31 | Fixed and minimalist PoC of the CVE-2024-4577 | https://github.com/Sh0ckFR/CVE-2024-4577 | POC详情 |
| 32 | Argument injection vulnerability in PHP | https://github.com/gotr00t0day/CVE-2024-4577 | POC详情 |
| 33 | PHP CGI Remote Code Execution (CVE-2024-4577) PoC | https://github.com/sug4r-wr41th/CVE-2024-4577 | POC详情 |
| 34 | Python script for get reverse shell with using CVE-2024-4577 | https://github.com/AlperenY-cs/CVE-2024-4577 | POC详情 |
| 35 | CVE-2024-4577 POC | https://github.com/VictorShem/CVE-2024-4577 | POC详情 |
| 36 | None | https://github.com/jakabakos/CVE-2024-4577-PHP-CGI-argument-injection-RCE | POC详情 |
| 37 | None | https://github.com/amandineVdw/CVE-2024-4577 | POC详情 |
| 38 | None | https://github.com/PhinehasNarh/CVE-2024-4577-Defend | POC详情 |
| 39 | None | https://github.com/ggfzx/CVE-2024-4577 | POC详情 |
| 40 | CVE-2024-4577 | https://github.com/olebris/CVE-2024-4577 | POC详情 |
| 41 | None | https://github.com/BitMEXResearch/CVE-2024-4577 | POC详情 |
| 42 | CVE-2024-4577 EXP | https://github.com/charis3306/CVE-2024-4577 | POC详情 |
| 43 | CVE-2024-4577 Exploits | https://github.com/cybersagor/CVE-2024-4577 | POC详情 |
| 44 | PoC - PHP CGI Argument Injection CVE-2024-4577 (Scanner and Exploitation) | https://github.com/l0n3m4n/CVE-2024-4577-RCE | POC详情 |
| 45 | ATTACK PoC - PHP CVE-2024-4577 | https://github.com/bibo318/CVE-2024-4577-RCE-ATTACK | POC详情 |
| 46 | Automated PHP remote code execution scanner for CVE-2024-4577 | https://github.com/waived/CVE-2024-4577-PHP-RCE | POC详情 |
| 47 | PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC | https://github.com/PizzaboiBestLegits/CVE-2024-4577 | POC详情 |
| 48 | CVE | https://github.com/nNoSuger/CVE-2024-4577 | POC详情 |
| 49 | None | https://github.com/a-roshbaik/CVE-2024-4577 | POC详情 |
| 50 | None | https://github.com/a-roshbaik/CVE-2024-4577-PHP-RCE | POC详情 |
| 51 | 批量验证POC和EXP | https://github.com/Jcccccx/CVE-2024-4577 | POC详情 |
| 52 | None | https://github.com/ManuelKy08/CVE-2024-4577---RR | POC详情 |
| 53 | CVE-2024-4577 Exploits | https://github.com/bughuntar/CVE-2024-4577 | POC详情 |
| 54 | PHP CGI Argument Injection (CVE-2024-4577) RCE | https://github.com/fa-rrel/CVE-2024-4577-RCE | POC详情 |
| 55 | CVE-2024-4577 | https://github.com/aaddmin1122345/cve-2024-4577 | POC详情 |
| 56 | Scanning CVE-2024-4577 vulnerability with a url list. | https://github.com/ywChen-NTUST/PHP-CGI-RCE-Scanner | POC详情 |
| 57 | 🚨 New Incident Report Completed! 🚨 Just wrapped up "Event ID 268: SOC292 - Possible PHP Injection Detected (CVE-2024-4577)" on LetsDefend.io. This analysis involved investigating an attempted Command Injection targeting our PHP server. Staying ahead of these threats with continuous monitoring and swift containment! 🛡️ | https://github.com/AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577- | POC详情 |
| 58 | None | https://github.com/phirojshah/CVE-2024-4577 | POC详情 |
| 59 | A Bash script designed to scan multiple domains for the CVE-2024-4577 vulnerability in PHP-CGI. | https://github.com/JeninSutradhar/CVE-2024-4577-checker | POC详情 |
| 60 | This is an Incident Response Walkthrough: Mitigating a Zero-Day Attack (CVE-2024-4577) | https://github.com/PhinehasNarh/CVE-2024-4577-LetsDefend-walkthrough | POC详情 |
| 61 | None | https://github.com/longhoangth18/CVE-2024-4577 | POC详情 |
| 62 | None | https://github.com/0xbd2/CVE-2024-4577 | POC详情 |
| 63 | None | https://github.com/ahmetramazank/CVE-2024-4577 | POC详情 |
| 64 | CVE-2024-4577 RCE PoC | https://github.com/BTtea/CVE-2024-4577-RCE-PoC | POC详情 |
| 65 | PHP CGI Argument Injection (CVE-2024-4577) RCE | https://github.com/gh-ost00/CVE-2024-4577-RCE | POC详情 |
| 66 | CVE-2024-4577 POC | https://github.com/Dejavu666/CVE-2024-4577 | POC详情 |
| 67 | php-cgi-cve-2024-4577 | https://github.com/chihyeonwon/php-cgi-cve-2024-4577 | POC详情 |
| 68 | None | https://github.com/Didarul342/CVE-2024-4577 | POC详情 |
| 69 | 一個測試CVE-2024-4577和CVE-2024-8926的安全滲透工具 | https://github.com/Night-have-dreams/php-cgi-Injector | POC详情 |
| 70 | php-cgi-cve-2024-4577 | https://github.com/mr-won/php-cgi-cve-2024-4577 | POC详情 |
| 71 | None | https://github.com/mistakes1337/CVE-2024-4577 | POC详情 |
| 72 | PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template cve-2024-4577, pentest, php, poc, rce-exploit, redteam | https://github.com/creamylegum/CVE-2024-4577-PHP-RCE | POC详情 |
| 73 | PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template cve-2024-4577, pentest, php, poc, rce-exploit, redteam | https://github.com/fabulouscounc/CVE-2024-4577-PHP-RCE | POC详情 |
| 74 | PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template cve-2024-4577, pentest, php, poc, rce-exploit, redteam | https://github.com/deadlybangle/CVE-2024-4577-PHP-RCE | POC详情 |
| 75 | PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-4577.yaml | POC详情 |
| 76 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80%E6%BC%8F%E6%B4%9E/PHP%20CGI%20Windows%20%E5%B9%B3%E5%8F%B0%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2024-4577.md | POC详情 |
| 77 | php-cgi-cve-2024-4577 | https://github.com/user20252228/php-cgi-cve-2024-4577 | POC详情 |
| 78 | Automated PHP remote code execution scanner for CVE-2024-4577 | https://github.com/gmh5225/CVE-2024-4577-PHP-RCE | POC详情 |
| 79 | php-cgi-cve-2024-4577 | https://github.com/tpdlshdmlrkfmcla/php-cgi-cve-2024-4577 | POC详情 |
| 80 | PHP CGI Parameter Injection Vulnerability (RCE: Remote Code Execution) | https://github.com/Gill-Singh-A/CVE-2024-4577-Exploit | POC详情 |
| 81 | 使用PowsrShell掃描CVE-2024-4577 | https://github.com/tntrock/CVE-2024-4577_PowerShell | POC详情 |
| 82 | None | https://github.com/KimJuhyeong95/cve-2024-4577 | POC详情 |
| 83 | CVE-2024-4577.py | https://github.com/ibrahmsql/CVE-2024-4577 | POC详情 |
| 84 | Exploit (C) CVE-2024-4577 on PHP CGI | https://github.com/byteReaper77/CVE-2024-4577 | POC详情 |
| 85 | None | https://github.com/r0otk3r/CVE-2024-4577 | POC详情 |
| 86 | Delivering PHP RCE (CVE-2024-4577) to the Local Network Servers | https://github.com/ZeroMemoryEx/PHP-CGI-INTERNAL-RCE | POC详情 |
| 87 | Exploit for php-cgi | https://github.com/Skycritch/CVE-2024-4577 | POC详情 |
| 88 | CVE-2024-4577 Mass Scanner & Exploit Tool | https://github.com/CirqueiraDev/MassExploit-CVE-2024-4577 | POC详情 |
| 89 | CVE-2024-4577 | https://github.com/Ra1n-60W/CVE-2024-4577 | POC详情 |
| 90 | None | https://github.com/xAL6/cve-2024-4577-scanner | POC详情 |
| 91 | None | https://github.com/Ianthinus/CVE-2024-4577 | POC详情 |
| 92 | A PHP CGI Vulnerability Scanner for CVE-2024-4577 | https://github.com/InfoSec-DB/PHPCGIScanner | POC详情 |
| 93 | None | https://github.com/a1ex-var1amov/ctf-cve-2024-4577 | POC详情 |
| 94 | Delivering PHP RCE (CVE-2024-4577) to the Local Network Servers | https://github.com/mananjain61/PHP-CGI-INTERNAL-RCE | POC详情 |
| 95 | None | https://github.com/wilss0n/CVE-2024-4577 | POC详情 |
| 96 | None | https://github.com/eagerapps/CVE-2024-4577 | POC详情 |
| 97 | None | https://github.com/0XFFFF-XD/CVE-2024-4577-PHP-CGI-RCE | POC详情 |
| 98 | CVE-2024-4577 | https://github.com/aavamin/cve-2024-4577 | POC详情 |
| 99 | None | https://github.com/pararam-org/CVE-2024-4577 | POC详情 |
| 100 | None | https://github.com/graphite-org/CVE-2024-4577 | POC详情 |
| 101 | CVE-2024-4577 PHP CGI Argument Injection - Detection Lab with Vagrant VMs and Wazuh SIEM rules | https://github.com/rayngnpc/CVE-2024-4577-rayng | POC详情 |
三、漏洞 CVE-2024-4577 的情报信息
- https://isc.sans.edu/diary/30994
- https://github.com/11whoami99/CVE-2024-4577
- https://www.php.net/ChangeLog-8.php#8.3.8
标题: Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability | DEVCORE -- 🔗来源链接
标签:
神龙速读:### 关键信息总结 - **漏洞编号**: CVE-2024-4577 - **漏洞类型**: PHP CGI Argument Injection Vulnerability - **影响范围**: - 所有在Windows操作系统上安装的PHP版本 - 特别包括 PHP 8.3 < 8.3.8、PHP 8.2 < 8.2.20、PHP 8.1 < 8.1.29 - PHP 8.0、PHP 7、PHP 5 已进入生命终止期, 服务器管理员可以访问`Am I Vulnerable?`部分找到临时补丁建议,并在`Mitigation Measure`部分中找到建议措施 - **发现者**: DEV CORE - **发布时间及修复**: - 发现于2024-05-07,修复补丁于2024-06-06发布 - **利用条件**: - 通过特定字符序列跳过CVE-2012-1823的防护机制 - 利用PHP中的Best-Fit编码转换功能 - **修复措施**: - 升级至PHP的最新版本8.3.8、8.2.20、和8.1.29 - 对于无法升级的用户,可以使用Rewrite Rules进行临时缓解 - 对于XAMPP用户,修改Apache HTTP Server配置来避免被利用 - **影响评估**: 由于PHP语言在Web生态系统中的使用较为广泛,且易于被利用,因此该漏洞被评估为严重型(critical)。
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
- https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
- https://security.netapp.com/advisory/ntap-20240621-0008/
- https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
- https://www.php.net/ChangeLog-8.php#8.2.20
- http://www.openwall.com/lists/oss-security/2024/06/07/1
- https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
- https://www.php.net/ChangeLog-8.php#8.1.29
- https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
- https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
- https://github.com/rapid7/metasploit-framework/pull/19247
- https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
- https://github.com/watchtowrlabs/CVE-2024-4577
- https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
- https://nvd.nist.gov/vuln/detail/CVE-2024-4577
四、漏洞 CVE-2024-4577 的评论
暂无评论