From 416be91f56e806fad887422db172d68980440746 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=A0pa=C4=8Dek?= <mail@michalspacek.cz>
Date: Wed, 15 Jan 2025 02:53:53 +0100
Subject: [PATCH] =?UTF-8?q?Show=20prase[sic!=F0=9F=90=96]=20error=20on=20C?=
 =?UTF-8?q?VE-2024-4577=20exploit=20attempts?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2024-4577 is the PHP CGI Argument Injection Vulnerability affecting PHP-CGI on Windows
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/

But I don't run Windows, and I patch my PHPs.
---
 app/src/EasterEgg/FourOhFourButFound.php        |  1 +
 app/src/EasterEgg/templates/phpCve20244577.html | 12 ++++++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 app/src/EasterEgg/templates/phpCve20244577.html

diff --git a/app/src/EasterEgg/FourOhFourButFound.php b/app/src/EasterEgg/FourOhFourButFound.php
index d2f3d991d..0aee4f2d9 100644
--- a/app/src/EasterEgg/FourOhFourButFound.php
+++ b/app/src/EasterEgg/FourOhFourButFound.php
@@ -13,6 +13,7 @@
 {
 
 	private const array TEMPLATES = [
+		'?%ad' => __DIR__ . '/templates/phpCve20244577.html',
 		'/etc/passwd' => __DIR__ . '/templates/etcPasswd.html',
 	];
 
diff --git a/app/src/EasterEgg/templates/phpCve20244577.html b/app/src/EasterEgg/templates/phpCve20244577.html
new file mode 100644
index 000000000..bb532b63b
--- /dev/null
+++ b/app/src/EasterEgg/templates/phpCve20244577.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<title>Prase error</title>
+</head>
+<body>
+<br>
+<b>Parse error</b>:  syntax error, unexpected token &quot;&lt;?php&quot;, expecting &quot;&lt;?gif87a&quot; or &quot;&lt;?gif89a&quot; in <b>php://input</b> on line <b>-1</b>°C<br>
+</body>
+</html>