This is a PoC for PHP CVE-2024-4577.
Security in the digital environment is more important than ever. That said, imagine an invisible door opens on millions of websites due to a new vulnerability in PHP, one of the most used programming languages on the web. This vulnerability, known as CVE-2024-4577, allows remote attackers to execute arbitrary commands on affected servers by injecting arguments into 1CGI. Discovered by security researcher Orange Tsai (@orange_8361) of DEVCORE (@d3vc0r3), this flaw has captured the attention of the global security community. The information we present here comes from external research sources.
CVE-2024-4577 is a remote code execution (RCE) vulnerability that affects the implementation of encoding conversion on Windows systems. This flaw is due to the way PHP handles certain arguments during encoding conversion, which can be exploited by attackers to inject and execute malicious code on the server. The vulnerability arises due to an oversight in the Best-Fit feature of encoding conversion within the Windows operating system, allowing attackers to bypass the protection implemented for CVE-2012-1823 via specific character sequences.
./CVE-2024-4577.sh <TARGET_URL>Happy hacking!