Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-4577 PoC — PHP 操作系统命令注入漏洞

Source
https://github.com/Jcccccx/CVE-2024-4577
Associated Vulnerability
Title:PHP 操作系统命令注入漏洞 (CVE-2024-4577)
Description:PHP是一种在服务器端执行的脚本语言。 PHP存在操作系统命令注入漏洞,该漏洞源于在特定条件下,Windows系统使用“Best-Fit”行为替换命令行中的字符,这可能导致PHP CGI模块错误地将这些字符解释为PHP选项,从而泄露脚本的源代码,在服务器上运行任意PHP代码等。以下版本受到影响:8.1至8.1.29之前版本,8.3至8.3.8之前版本,8.2至8.2.20之前版本。
Description
批量验证POC和EXP
Readme
将需要扫描的文件放入urls.txt中然后直接运行POC.py
![image](https://github.com/user-attachments/assets/33b4943a-f0ea-4317-931e-da3308ad9b90)
执行命令用EXP.py
![image](https://github.com/user-attachments/assets/599aa2e4-816c-490b-ac96-345ebfc921ca)
File Snapshot

 [4.0K]  /data/pocs/13ea2b666dcabb9d53153d43b45998c80f4097fe
├── [3.1K]  CVE_2024_4577_exp.py
├── [4.6K]  CVE_2024_4577_POC.py
└── [ 268]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.