CVE-2024-4577

CVE-2024-4577 is a PHP CGI Argument Injection Vulnerability discovered by DEVCORE. The vulnerability has been verified on Windows machines running in the following locales:

  • Traditional Chinese (Code Page 950)

  • Simplified Chinese (Code Page 936)

  • Japanese (Code Page 932)

All versions of XAMPP on Windows are vulnerable by default. The following PHP versions are affected on the Windows operating system:

  • PHP 8.3 < 8.3.8

  • PHP 8.2 < 8.2.20

  • PHP 8.1 < 8.1.29


How to set up your own PoC environment

  1. On your Windows machine, download and install XAMPP.

  2. Download mod_fcgid.so and paste it in C:\xampp\apache\modules

  3. Verify that the following block is not commented out in C:\xampp\apache\conf\extra\httpd-xampp.conf

#
# PHP-CGI setup
#
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php-cgi
</FilesMatch>
<IfModule actions_module>
    Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
</IfModule>
  4. Start Apache / PHP using the XAMPP Control Panel and verify that CGI/FastCGI is running.

  5. Change the system locale to one of the three locales listed above, and reboot the host. This will not change the Windows display language. Control Panel > Clock and Region > Region > Administrative > Change system locale...

  6. Once rebooted, start the web server again and attack the target from any host.
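The same three conditions this setup relies on (an active PHP-CGI handler, an affected PHP version, a verified locale) can be checked from the defender's side. The following is an added example, not part of the original page; the function names are hypothetical and the PHP version and code page are assumed to be supplied by the caller.

```python
import re

# Fixed patch release per branch, taken from the version list on this page.
FIXED_PATCH = {(8, 3): 8, (8, 2): 20, (8, 1): 29}
# Code pages on which the page says the issue has been verified.
VERIFIED_CODE_PAGES = {950, 936, 932}

# Constructed samples: the PHP-CGI block from this page, active and commented out.
CONF_ACTIVE = r'''
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php-cgi
</FilesMatch>
<IfModule actions_module>
    Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
</IfModule>
'''
CONF_COMMENTED = "\n".join("#" + l for l in CONF_ACTIVE.splitlines())

def version_status(version):
    """Return 'affected', 'fixed', or 'unlisted' (branch not covered by the page)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable PHP version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "unlisted"
    return "affected" if patch < fixed else "fixed"

def active_cgi_directives(conf_text):
    """Return the uncommented directives that hand .php requests to php-cgi."""
    pattern = re.compile(r"(SetHandler|Action)\s+application/x-httpd-php-cgi\b", re.I)
    hits = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Apache comments are whole lines starting with '#'; there are no trailing comments.
        if line and not line.startswith("#") and pattern.match(line):
            hits.append(line)
    return hits

def assess(conf_text, php_version, code_page):
    """Report each precondition from the setup steps, plus whether all three hold."""
    report = {
        "cgi_enabled": bool(active_cgi_directives(conf_text)),
        "version": version_status(php_version),
        "verified_locale": code_page in VERIFIED_CODE_PAGES,
    }
    report["matches_setup"] = (report["cgi_enabled"] and report["verified_locale"]
                               and report["version"] == "affected")
    return report
```

A result of `unlisted` means the version list above gives no information for that branch; it does not mean the branch is safe.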
