来源

关联漏洞

描述

Exploit (C) CVE-2024-4577 on PHP CGI 

介绍

# CVE-2024-4577 PHP CGI Remote Code Execution Exploit

**Author:** Byte Reaper  
**CVE:** CVE-2024-4577  
**Category:** Web Exploitation  
**Target Versions:** PHP CGI 8.1, 8.2, 8.3  
**Target OS:** Windows  
**License :** MIT
---

## Overview

This repository contains a proof-of-concept exploit for the **CVE-2024-4577** vulnerability in PHP CGI versions 8.1, 8.2, and 8.3 running on Windows systems. This vulnerability allows remote code execution (RCE) by exploiting insecure PHP CGI configurations.

---

## Features

- Remote code execution via crafted HTTP POST requests  
- Supports execution of arbitrary commands on the target server  
- Reverse shell functionality to gain interactive access  
- Activity logging and response analysis for verification  

---

## Requirements

- Windows Operating System (to run the exploit)  
- libcurl for HTTP requests  
- Winsock2 for networking  
- Compatible C compiler (e.g., MSVC)  

---
## Building

- => C:\Users\pc\Downloads\gcc\bin\gcc.exe  .\exploit.c .\argparse.c   -I"C:\Users\pc\Downloads\curl-8.14.1_2-win64-mingw\include" -L "C:\Users\pc\Downloads\curl-8.14.1_2-win64-mingw\lib" -lcurl -lws2_32 -o CVE-2024-4577

## Usage
- -u : Target URL PHP CGI 
- -c : Execute the command on the server
- -p : Listen Port

- => CVE-2024-4577.exe -u http://target/cgi-bin/php-cgi.exe "system(whoami)" 
Or Argument listen port : 
=> CVE-2024-4577.exe -u http://target/cgi-bin/php-cgi.exe "system(whoami)" -p 1234


## Important Disclaimer
WARNING: This tool is for educational and authorized security testing only!

Do NOT use this exploit on systems without explicit permission from the owner.

Unauthorized usage may lead to legal consequences.

## Contact
Telegrame : @ByteReaper0

文件快照

 [4.0K]  /data/pocs/22695e928bc660f2d7829f3c2052d15caffb9b30
├── [ 19K]  exploit.c
├── [1.0K]  LICENSE
└── [1.8K]  README.md

0 directories, 3 files

备注