- This PoC demonstrates how an attacker can chain Orange Tsai's
CVE-2024-4577with DNS rebinding to achieve remote code execution on internal network infrastructure directly through the victim’s web browser. By bypassingSame-Origin Policy (SOP)and exploiting vulnerablePHP-CGIinstances running onlocal XAMPP servers, internal development environments, or corporate networks, this attack enables full code execution on systems never intended to be exposed to the internet.
- https://www.hackandhide.com/your-browser-is-now-your-enemy-delivering-php-rce-to-your-local-servers/
-
Register at duckdns
-
Create a subdomain (e.g., example.duckdns.org)
-
Note your DuckDNS token from the dashboard
-
Configure server.py:
DUCKDNS_DOMAIN = "your-subdomain" # Your DuckDNS subdomain DUCKDNS_TOKEN = "your-token-here" # Your DuckDNS token
-
to configure a custom payload, locate this line in
client.htmland replace it with your payload.const payload = `<?php system('calc');?>;echo 1337; die;`;
-
Also, you can modify the list of IPs. As we explained in the article, if you want to implement internal network scanning, you can use the JavaScript snippet I showed there. In this PoC, I’ll be using a predefined list of common IPs to keep it simple and fast
- requests
22sGc.1.mp4
- It never needed to be online… to be safe."