PHP < 5.3.12 and 5.4.x < 5.4.2 - Remote Code Execution via CGI Query String
Exploitation Summary
CVE-2012-1823 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022.
EIP tracks 17 public exploits from researchers including 0xl0k1, Unix13 and tardummy01, among them a Metasploit module, exploits/multi/http/php_cgi_arg_injection.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This repository contains a functional exploit for CVE-2012-1823, which leverages PHP CGI argument injection to achieve remote code execution. The exploit uses a crafted query string to inject PHP code via the `allow_url_include` and `auto_prepend_file` directives.
Description
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Exploits (17)
This repository contains a functional exploit for CVE-2012-1823, which leverages PHP CGI argument injection to achieve remote code execution. The exploit uses a crafted query string to inject PHP code via the `allow_url_include` and `auto_prepend_file` directives.
This PHP script establishes a reverse shell connection to a specified IP and port, then executes arbitrary commands received from the remote server. It uses multiple socket methods for redundancy and reads a length-prefixed payload for execution via eval().
This repository contains multiple Python scripts demonstrating HTTP request handling, network socket operations, and basic enumeration techniques. The scripts include examples of HTTP GET/HEAD/OPTIONS requests, TCP/UDP client-server implementations, and a simple enumeration script.
This repository is a writeup documenting the exploitation of CVE-2012-1823, a PHP-CGI argument injection vulnerability, using Metasploit to achieve remote code execution on a Metasploitable 2 target. It includes steps for lab setup, reconnaissance, exploitation, and post-exploitation.
The repository contains two Python scripts: one for checking vulnerabilities (CVE-2012-1823 and CVE-2021-2291) and another for exploiting CVE-2012-1823 via PHP CGI argument injection. The exploit script sends a GET request with a command injection payload to a target URL.
This repository contains a working proof-of-concept for CVE-2012-1823, a PHP-CGI remote code execution vulnerability. It includes a Docker-based test environment and demonstrates how to exploit the vulnerability by injecting command-line arguments via the query string to achieve arbitrary code execution.
This script checks for CVE-2012-1823, a PHP CGI vulnerability, by sending a crafted request to common PHP CGI paths and verifying if the target is vulnerable by checking for a specific response string.
This repository contains a functional Python exploit for CVE-2012-1823, which targets PHP-CGI configurations to achieve remote code execution by injecting command-line arguments via the query string. The exploit leverages the `-d` directive to override PHP settings and execute arbitrary commands.
This repository is a writeup describing the use of OWASP ZAP to assess vulnerabilities in DVWA, specifically referencing CVE-2012-1823 for Remote Code Execution. It does not contain actual exploit code or a proof-of-concept.
This is a writeup for exploiting CVE-2012-1823 using Metasploit's php_cgi_arg_injection module. It provides step-by-step instructions for targeting a vulnerable PHP CGI configuration.
The repository contains minimal setup scripts for Apache with CGI modules enabled, likely intended to replicate a vulnerable environment for CVE-2012-1823 (PHP CGI argument injection). However, no actual exploit code or payload is present.
This repository provides a detailed technical analysis of CVE-2012-1823, a PHP-CGI argument injection vulnerability leading to Remote Code Execution (RCE). It includes explanations of the exploit mechanism, payload construction, and practical exploitation steps using tools like curl and Metasploit.
This exploit leverages PHP CGI argument injection (CVE-2012-1823) by sending a crafted HTTP POST request with malicious query parameters to enable remote code execution via PHP directives. The payload injects PHP code through the `auto_prepend_file` directive, demonstrating the vulnerability.
This Metasploit module exploits CVE-2012-1823, a PHP CGI argument injection vulnerability, by leveraging the -d flag to manipulate php.ini directives and achieve remote code execution. It sends a crafted POST request with malicious PHP code in the body, which is executed due to the misconfigured directives.
This exploit targets CVE-2012-1823, a remote code execution vulnerability in PHP CGI configurations. It crafts a malicious HTTP POST request to trigger arbitrary command execution via PHP's query string parameter handling. The script supports vulnerability scanning, command execution, and reverse shell payloads.
This exploit targets CVE-2012-1823, a vulnerability in PHP CGI implementations where improper handling of command-line arguments allows bypassing security checks. The exploit crafts a malicious POST request to execute arbitrary PHP code, leading to remote command execution.
This Metasploit module exploits CVE-2012-1823, an argument injection vulnerability in PHP CGI up to versions 5.3.12 and 5.4.2. It leverages the -d flag to manipulate php.ini directives and achieve remote code execution by injecting malicious PHP code via the auto_prepend_file directive.
Nuclei Templates (1)
cpe:"cpe:2.3:a:php:php"
References (31)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H