CVE-2024-4577 PoC — Argument Injection in PHP-CGI

Associated Vulnerability
Title: Argument Injection in PHP-CGI (CVE-2024-4577)
Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Description
Bash script that checks if a PHP CGI setup is vulnerable to the CVE-2024-4577 argument injection vulnerability
Readme
*How the Script Works:*
- Input Prompt: The script prompts the user to enter a domain.
- Construct Payload: It constructs a payload that attempts to inject a command using the CGI argument injection.
- HTTP Request: The script uses curl to send a request to the specified domain with the payload.
- Check Response: The response is checked for a unique string (CVE-2024-4577-Vulnerable) to determine if the server is vulnerable.
- Output Result: The script outputs [+] Vulnerable if the server is found to be vulnerable, otherwise [-] Not Vulnerable.


*Usage:*
1. Save the script to a file, e.g., check_cve_2024_4577.sh.
2. Make the script executable: chmod +x check_cve_2024_4577.sh.
3. Run the script: ./check_cve_2024_4577.sh.
4. Enter the domain you want to check when prompted.

Disclaimer:
- Ensure you have permission to test the target server.
- Use this script responsibly and only for legitimate security testing purposes.
- The script is a basic example and may need modifications to handle various edge cases or more complex setups.

This script provides a quick way to check for the CVE-2024-4577 vulnerability, but comprehensive security assessments should always be conducted by professionals.
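For hosts you administer, the version condition in the vulnerability description can be checked locally without sending any request. The following is an added example, not part of the original repository: the function names are hypothetical, treating pre-release builds of a fixed version as affected is a conservative assumption, and the other conditions in the description (Apache, PHP-CGI, Windows, code page) are not checked.

```shell
#!/bin/sh
# Added example (not from the original repository): classify a PHP version
# string against the fixed releases named in the CVE-2024-4577 description.

# Fixed patch level per branch, from the description: 8.1.29, 8.2.20, 8.3.8.
fixed_patch_for_branch() {
  case "$1" in
    8.1) echo 29 ;;
    8.2) echo 20 ;;
    8.3) echo 8 ;;
    *)   return 1 ;;
  esac
}

# Prints one of: affected | fixed | unlisted | invalid
# The body runs in a subshell so its variables do not leak to the caller.
classify_php_version() (
  raw=$1
  # Keep the leading MAJOR.MINOR.PATCH; anything after it is the suffix.
  ver=$(printf '%s\n' "$raw" |
    sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p')
  if [ -z "$ver" ]; then
    echo invalid
    return 0
  fi
  suffix=${raw#"$ver"}
  branch=${ver%.*}
  patch=${ver##*.}
  if ! fixed=$(fixed_patch_for_branch "$branch"); then
    # Branch is not named in the description; this check cannot judge it.
    echo unlisted
  elif [ "$patch" -lt "$fixed" ]; then
    echo affected
  elif [ "$patch" -eq "$fixed" ] &&
       printf '%s' "$suffix" | grep -Eiq '^-?(rc|alpha|beta|dev)'; then
    # Assumption: a pre-release of the fixed version is treated as affected.
    echo affected
  else
    echo fixed
  fi
)

# Stand-alone use: ./classify.sh 8.2.19
if [ "$#" -gt 0 ]; then classify_php_version "$1"; fi
```

A result of `unlisted` means the branch is outside the ranges quoted in the description, not that it is safe.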
File Snapshot

[4.0K] /data/pocs/c53eca8846294570bc4b67be63039bc292331684
├── [ 940] cve_2024_4577.sh
└── [1.2K] README.md

0 directories, 2 files