Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-4577 PoC — Argument Injection in PHP-CGI

Source
https://github.com/cybersagor/CVE-2024-4577
Associated Vulnerability
Title:Argument Injection in PHP-CGI (CVE-2024-4577)
Description:In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Description
CVE-2024-4577 Exploits
Readme
# Fastest CVE-2024-4577 Exploitation Tool

## Description: PHP CGI Remote Code Execution

The CVE-2024-4577 Exploit Tool (`exploit.py`) is a Python script designed to exploit web servers' specific vulnerability (CVE-2024-4577). Based on the response content, it sends POST requests to a list of provided hosts to determine if they are vulnerable.

## Features

- Multi-threaded execution for faster testing across multiple hosts.
- Checks for CVE-2024-4577 vulnerability by sending POST requests with custom headers and data.
- Outputs results to the console and optionally to a specified output file.
- Provides a summary of requests sent, vulnerable hosts found, not vulnerable hosts, and errors encountered.

## Requirements

- Python 3.6 or higher
- `requests` library (`pip install requests`)
- `colorama` library for colored console output (`pip install colorama`)

## Usage

### Installation

1. Clone or download the repository to your local machine.

2. Install required dependencies using pip:
```bash
   sudo pip install requests colorama
```

## Onliner Installation:
```
git clone https://github.com/cybersagor/CVE-2024-4577.git &&
cd CVE-2024-4577 &&
sudo chmod +x exploit.py &&
sudo pip install requests colorama
```

## Command-line Arguments
```bash
python exploit.py -l host.txt -o output.txt -w 150
```
File Snapshot

 [4.0K]  /data/pocs/918b6c7424b54e82bbd1510dea4f3fb95d70e73e
├── [4.0K]  exploit.py
└── [1.3K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →