ExtraHop Logo
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

PHP Exploit Attempt - CVE-2024-4577

Risk Factors

PHP is a popular open-source scripting language. Threat groups, such as TellYouThePass, have been known to exploit this vulnerability, and the code is publicly available. An unauthenticated attacker can attempt to run arbitrary commands and gain access to sensitive files.

Kill Chain

Exploitation

Risk Score

87

Detection diagram
Next in Exploitation: Palo Alto Networks PAN-OS Command Injection Attempt - CVE-2024-3400

Attack Background

An attacker can prepend the string “%AD” onto the query string of an HTTP request line, which is then downcasted from Unicode to ASCII. This vulnerability causes an encoding conversion issue where PHP misinterprets certain URI parameters as PHP options. The misinterpreted PHP option enables an attacker to manipulate the input to remotely run malicious commands on the target system. Depending on the objective, the attacker can access sensitive files or launch further attacks on the server.

Mitigation Options

Install relevant patches for affected software versions

Sanitize URL input to PHP applications

Review HTTP daemon configuration files for PHP

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right