Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2024-4577 PoC — Argument Injection in PHP-CGI

Source
https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT
Associated Vulnerability
Title:Argument Injection in PHP-CGI (CVE-2024-4577)
Description:In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Description
A PoC exploit for CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution (RCE)
Readme
# CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution (RCE)

In certain versions of PHP (8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8), a critical vulnerability exists when using PHP with Apache and PHP-CGI on Windows. If the system is configured to use specific code pages, Windows' "Best-Fit" behavior may replace characters in command lines given to Win32 API functions. This behavior can cause the PHP-CGI module to misinterpret these characters as PHP options, potentially allowing an attacker to pass options to the PHP binary. This could lead to the exposure of script source code or the execution of arbitrary PHP code on the server.

## Proof of Concept (PoC)

I have developed a proof of concept (PoC) exploit for this vulnerability to demonstrate its potential impact.

**Disclaimer:** This PoC is provided for educational purposes and to aid in the development of security measures. It should not be used for malicious purposes. Use it responsibly and only on systems where you have explicit permission to do so.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →