漏洞平台

POC详情： 84fffd19cde8a326967b2a4a330ced07e45d91d3

来源

https://github.com/manuelinfosec/CVE-2024-4577

关联漏洞

标题： PHP 操作系统命令注入漏洞 (CVE-2024-4577)
描述：PHP是一种在服务器端执行的脚本语言。 PHP存在操作系统命令注入漏洞，该漏洞源于在特定条件下，Windows系统使用“Best-Fit”行为替换命令行中的字符，这可能导致PHP CGI模块错误地将这些字符解释为PHP选项，从而泄露脚本的源代码，在服务器上运行任意PHP代码等。以下版本受到影响：8.1至8.1.29之前版本，8.3至8.3.8之前版本，8.2至8.2.20之前版本。

描述

Proof Of Concept RCE exploit for critical vulnerability in PHP <8.2.15 (Windows), allowing attackers to execute arbitrary commands.

介绍

# CVE-2024-4577: Critical Vulnerability in PHP's CGI Configurations

A severe security flaw exists in PHP's CGI mode that allows attackers to run arbitrary commands by manipulating URL parameters.

### Impacted Versions

- PHP versions before 7.4.29 and 8.0.19 on Windows running php-cgi.

### Attack Methodology

- Attackers can leverage this vulnerability by sending specially crafted requests to the PHP CGI script. These requests inject malicious parameters, enabling the execution of arbitrary commands. This can potentially result in complete system compromise.

## Usage Instructions

### Prerequisites

Before running the script, ensure you have Python 3 installed on your system. Additionally, you need the `requests` library for handling HTTP requests.

### Installing Dependencies

You can install the required dependencies using `pip`. If `pip` is not installed, follow the instructions [here](https://pip.pypa.io/en/stable/installation/).

1. Open your terminal or command prompt.
2. Run the following command to install the `requests` library:

```sh
pip install requests
```

### Running the Script

To check a target URL for the CVE-2024-4577 vulnerability, follow these steps:

- Execute the script using python3 with the target URL as an argument.

```sh
python3 exploit.py <target>
```

For instance, to test the URL http://example.com, run:

```sh
python3 exploit.py http://example.com
```

### Script Output

The script will test the provided target URL for the vulnerability and print the results to the console. It will indicate whether a potential vulnerability was found or if no vulnerability was detected.

```
(+) Potential vulnerability found at: http://example.com/cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
(-) No vulnerability found at: http://example.com/php-cgi/php-cgi.exe?%ADd+allow_url_include
```

### Remediation Steps

1. Update PHP to the latest version.
2. Ensure input parameters are properly sanitized and validated.
3. Apply secure configuration settings to restrict CGI parameter processing.

## Credits

This vulnerability was found by Orange Tsai (@orange_8361)

文件快照


 [4.0K]  /data/pocs/84fffd19cde8a326967b2a4a330ced07e45d91d3
├── [2.3K]  exploit.py
├── [1.0K]  LICENSE
├── [2.1K]  README.md
└── [  16]  requirements.txt

0 directories, 4 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。