Found 7 bookmarks
Custom sorting
CVE-2024-4577 Exploits in the Wild One Day After Disclosure
CVE-2024-4577 Exploits in the Wild One Day After Disclosure
  • The Akamai Security Intelligence Response Team (SIRT) has been monitoring activity surrounding CVE-2024-4577, a PHP vulnerability that affects installations running CGI mode that was disclosed in June 2024. The vulnerability primarily affects Windows installations using Chinese and Japanese language locales, but it is possible that the vulnerability applies to a wider range of installations. As early as one day after disclosure, the SIRT observed numerous exploit attempts to abuse this vulnerability, indicating high exploitability and quick adoption by threat actors. The exploitations include command injection and multiple malware campaigns: Gh0st RAT, RedTail cryptominers, and XMRig. Akamai App & API Protector has been automatically mitigating exploits that target our customers. In this blog post, we’ve included a comprehensive list of indicators of compromise (IOCs) for the various exploits we discuss.
·akamai.com·
CVE-2024-4577 Exploits in the Wild One Day After Disclosure
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway, it required hard-to-achieve preconditions. Looking for targets lead mainly to disappointment. On PHP however, the bug shone, and proved useful in exploiting its engine in two different ways.
·ambionics.io·
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability
Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability
While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system. This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack.
·devco.re·
Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability
No Way, PHP Strikes Again! (CVE-2024-4577)
No Way, PHP Strikes Again! (CVE-2024-4577)
Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of other tools, and any bug
·labs.watchtowr.com·
No Way, PHP Strikes Again! (CVE-2024-4577)
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
  • Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla. The issue discovered with the help of SonarCloud affects Joomla’s core filter component and is tracked as CVE-2024-21726. Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link. The underlying PHP bug is an inconsistency in how PHP’s mbstring functions handle invalid multibyte sequences. The bug was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions. * Joomla released a security announcement and published version 5.0.3/4.4.3, which mitigates the vulnerability.
·sonarsource.com·
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities