Orange Tsi 🍊
This vulnerability was found by Orange Tsai (@orange_8361) of DEVCORE (@d3vc0r3). Make sure to follow his outstanding research, our role was to only recreate and develop the exploit for this issue. Security Alert: CVE-2024-4577 PHP CGI Argument Injection Vulnerability
Overview CVE-2024-4577 is a critical vulnerability in PHP affecting CGI configurations, allowing attackers to execute arbitrary commands via crafted URL parameters.
Affected Versions PHP 8.3 < 8.3.8 PHP 8.2 < 8.2.20 PHP 8.1 < 8.1.29
Attack Vector Attackers can exploit this by sending specially crafted requests to the PHP CGI script, injecting malicious parameters to execute arbitrary commands. This can lead to full system compromise.
Mitigation
- Upgrade to the latest PHP version(It is strongly recommended that all users upgrade to the latest PHP versions of 8.3.8, 8.2.20, and 8.1.29)
- Sanitize and validate input parameters.
- Use secure configuration settings to limit CGI parameter handling.
How to Use Python Script Install the requests library: pip install requests Run the script: python test_cgi_vulnerability.py Enter the URL to test when prompted.
Go Script Make sure Go is installed on your system. Run the script: go run test_cgi_vulnerability.go Enter the URL to test when prompted. Notes These scripts check for the vulnerability by sending harmless payloads and examining the response. Ensure you have permission to test the target server. Adjust the payloads or URLs as necessary for your specific setup. Install the requests library: pip install requests Run the script: python test_cgi_vulnerability.py Enter the URL to test when prompted.
Go Script Run the script: go run test_cgi_vulnerability.go Enter the URL to test when prompted. Notes These scripts check for the vulnerability by sending harmless payloads and examining the response. Ensure you have permission to test the target server. Adjust the payloads or URLs as necessary for your specific setup.