Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-4577 PoC — PHP 操作系统命令注入漏洞

Source
https://github.com/Entropt/CVE-2024-4577_Analysis
Associated Vulnerability
Title:PHP 操作系统命令注入漏洞 (CVE-2024-4577)
Description:PHP是一种在服务器端执行的脚本语言。 PHP存在操作系统命令注入漏洞,该漏洞源于在特定条件下,Windows系统使用“Best-Fit”行为替换命令行中的字符,这可能导致PHP CGI模块错误地将这些字符解释为PHP选项,从而泄露脚本的源代码,在服务器上运行任意PHP代码等。以下版本受到影响:8.1至8.1.29之前版本,8.3至8.3.8之前版本,8.2至8.2.20之前版本。
Readme
<h1>Phân tích CVE-2024-4577</h1>
Bên trên là bài phân tích của tôi, ngoài ra có đầy đủ tất cả thông tin về :<br>
- Cấu hình máy chủ Apache<br> 
- Debugger cho PHP

Nguồn tôi tham khảo: https://nvd.nist.gov/vuln/detail/CVE-2024-4577
File Snapshot

 [4.0K]  /data/pocs/6da17944d36535b63365aad47e627e7a6d36a85f
├── [1.3M]  CVE-2024-4577 Analysis.pdf
├── [8.8K]  CVE-2024-4577.json
├── [2.6K]  httpd-xampp.conf
├── [ 73K]  php.ini
└── [ 268]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.