Show prase[sic!🐖] error on CVE-2024-4577 exploit attempts

CVE-2024-4577 is the PHP CGI Argument Injection Vulnerability affecting PHP-CGI on Windows https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ But I don't run Windows, and I patch my PHPs.
spaze · Jan 15, 2025 · 416be91 · 416be91
1 parent c691c0a
commit 416be91
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/app/src/EasterEgg/FourOhFourButFound.php b/app/src/EasterEgg/FourOhFourButFound.php
@@ -13,6 +13,7 @@
 {
 
 	private const array TEMPLATES = [
+		'?%ad' => __DIR__ . '/templates/phpCve20244577.html',
 		'/etc/passwd' => __DIR__ . '/templates/etcPasswd.html',
 	];
 

diff --git a/app/src/EasterEgg/templates/phpCve20244577.html b/app/src/EasterEgg/templates/phpCve20244577.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<title>Prase error</title>
+</head>
+<body>
+<br>
+<b>Parse error</b>:  syntax error, unexpected token &quot;&lt;?php&quot;, expecting &quot;&lt;?gif87a&quot; or &quot;&lt;?gif89a&quot; in <b>php://input</b> on line <b>-1</b>°C<br>
+</body>
+</html>
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,6 +13,7 @@ @@
     {
     	private const array TEMPLATES = [
+    		'?%ad' => __DIR__ . '/templates/phpCve20244577.html',
     		'/etc/passwd' => __DIR__ . '/templates/etcPasswd.html',
     	];
@@ Expand Down @@