## https://sploitus.com/exploit?id=1481FD79-6F61-5542-ACF7-AB586C9C3CDF
# CVE-2024-4577 PHP CGI Remote Code Execution Exploit
**Author:** Byte Reaper
**CVE:** CVE-2024-4577
**Category:** Web Exploitation
**Target Versions:** PHP CGI 8.1, 8.2, 8.3
**Target OS:** Windows
**License :** MIT
---
## Overview
This repository contains a proof-of-concept exploit for the **CVE-2024-4577** vulnerability in PHP CGI versions 8.1, 8.2, and 8.3 running on Windows systems. This vulnerability allows remote code execution (RCE) by exploiting insecure PHP CGI configurations.
---
## Features
- Remote code execution via crafted HTTP POST requests
- Supports execution of arbitrary commands on the target server
- Reverse shell functionality to gain interactive access
- Activity logging and response analysis for verification
---
## Requirements
- Windows Operating System (to run the exploit)
- libcurl for HTTP requests
- Winsock2 for networking
- Compatible C compiler (e.g., MSVC)
---
## Building
- => C:\Users\pc\Downloads\gcc\bin\gcc.exe .\exploit.c .\argparse.c -I"C:\Users\pc\Downloads\curl-8.14.1_2-win64-mingw\include" -L "C:\Users\pc\Downloads\curl-8.14.1_2-win64-mingw\lib" -lcurl -lws2_32 -o CVE-2024-4577
## Usage
- -u : Target URL PHP CGI
- -c : Execute the command on the server
- -p : Listen Port
- => CVE-2024-4577.exe -u http://target/cgi-bin/php-cgi.exe "system(whoami)"
Or Argument listen port :
=> CVE-2024-4577.exe -u http://target/cgi-bin/php-cgi.exe "system(whoami)" -p 1234
## Important Disclaimer
WARNING: This tool is for educational and authorized security testing only!
Do NOT use this exploit on systems without explicit permission from the owner.
Unauthorized usage may lead to legal consequences.
## Contact
Telegrame : @ByteReaper0