CVE-2024-4577 is a critical vulnerability affecting PHP applications that utilize the Common Gateway Interface (CGI). This tool serves as both a scanner and an exploit, enabling cybersecurity professionals to:
- Detect PHP CGI Argument Injection flaws
- Exploit vulnerabilities leading to Remote Code Execution (RCE)
- Execute arbitrary PHP code on vulnerable systems
- 🔍 Vulnerability Detection: Robust scanning process to identify susceptible PHP applications
- 💥 Exploit Functionality: Customizable payloads for targeted vulnerability exploitation
- 🔧 Flexible Payload Management: Specify PHP payload files for post-exploitation execution
- 👥 User-Friendly Interface: Simple command-line options with clear, actionable output
```bash
# Clone the repository
git clone https://github.com/your-username/CVE-2024-4577-scanner.git
# Navigate to the project directory
cd CVE-2024-4577-scanner
# Install required dependencies
pip install -r requirements.txt
```
Ensure you have Python 3 installed on your system. Use the following command structure:
```
python3 CVE-2024-4577.py [-h] -t TARGET_FILE [-s] [-e] [-p PAYLOAD_FILE]
```

- `-h, --help`: Show help message and exit
- `-t TARGET_FILE, --target-file TARGET_FILE`: File containing target URLs (required)
- `-s, --scan`: Perform vulnerability scan only
- `-e, --exploit`: Attempt to exploit the vulnerability
- `-p PAYLOAD_FILE, --payload-file PAYLOAD_FILE`: PHP payload file for exploitation

```bash
python3 CVE-2024-4577.py -t targetsite.txt -e -p rev_shell.php
```
Utilize powerful search engines to identify potentially vulnerable hosts:
Search for servers running PHP versions 8.1, 8.2, and 8.3:
server: PHP 8.1, server: PHP 8.2, server: PHP 8.3, html:"phpinfo"
protocol="http" && (header="X-Powered-By: PHP/8.1" || header="X-Powered-By: PHP/8.2" || header="X-Powered-By: PHP/8.3")
This tool is intended for authorized security testing and research purposes only. Ensure you have explicit permission before scanning or attempting to exploit any systems you do not own or have the right to test.
If you encounter any issues or have questions, please file an issue on the GitHub issue tracker.