$ php vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

<Directory "/path/to/project/vendor">
    Require all denied
</Directory>

No. The file was completely removed in later versions. However, if you manually copied an old eval-stdin.php into a new project, you are still vulnerable regardless of the PHPUnit version declared in composer.json.

Upgrade your project's dependencies to a patched version of PHPUnit. If on PHPUnit 4, upgrade to or higher. If on PHPUnit 5, upgrade to 5.6.3 or higher.

curl -X POST "http://victim.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" \
  -d "<?php echo shell_exec('id'); ?>"

This code takes the raw body of an HTTP POST request (which reaches the script as php://stdin when PHP is served over the web) and evaluates it as PHP code, so anyone who can reach the file can run arbitrary PHP with the web server's privileges.

Why is "index of vendor..." a Danger Sign?
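The following is an added example, not PHPUnit's own source: it reconstructs the pre-patch behaviour of eval-stdin.php as described above, simulates the POST body arriving on stdin, and places a hardened variant beside it. The function names, the SAPI check and the constructed payload are this example's own; the hardening shown is one reasonable guard, not necessarily the upstream fix.

```php
<?php
// Added example (not the PHPUnit project's code). Reconstructs the vulnerable
// behaviour of eval-stdin.php and contrasts it with a CLI-only hardened form.
// Function names, the $sapi parameter and the payload are this example's own.

declare(strict_types=1);

// Vulnerable form. The original file did essentially eval('?>' . stdin).
// Under a web SAPI (php-fpm, CGI, mod_php) the process's standard input is
// the raw HTTP request body, so whatever the client POSTs is evaluated.
// The '?>' prefix closes PHP mode first, so a body that starts with '<?php'
// is parsed exactly like a normal source file.
function evalStdinVulnerable(string $body): string
{
    ob_start();
    eval('?>' . $body);
    return (string) ob_get_clean();
}

// Hardened form: the helper is only meaningful for the test runner, which
// always runs under the CLI SAPI. Refuse everything else before touching
// the body. $sapi is parameterised here only so the web case can be
// simulated from the command line; in a real file you would read PHP_SAPI.
function evalStdinHardened(string $body, string $sapi = PHP_SAPI): string
{
    if ($sapi !== 'cli') {
        // Under a real web SAPI this would also send a 403 status.
        return 'Forbidden: this helper is only usable from the command line.';
    }
    ob_start();
    eval('?>' . $body);
    return (string) ob_get_clean();
}

// Constructed request body: the kind of payload an attacker POSTs.
// Kept benign here; the curl example above uses shell_exec('id') instead.
$payload = "<?php echo 'executed: ' . (6 * 7); ?>";

echo 'vulnerable:                   ' . evalStdinVulnerable($payload) . PHP_EOL;
echo 'hardened (simulated fpm-fcgi): ' . evalStdinHardened($payload, 'fpm-fcgi') . PHP_EOL;
echo 'hardened (cli):                ' . evalStdinHardened($payload, 'cli') . PHP_EOL;
```

Run it with `php eval-stdin-demo.php` (any file name). The vulnerable function and the CLI branch of the hardened one both print "executed: 42"; the simulated web SAPI call returns the refusal without evaluating anything, which is the only behaviour that matters once the file is reachable over HTTP.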

This vulnerability usually hits production environments due to two common deployment mistakes:

PHPUnit is a popular testing framework for PHP, a widely-used programming language for web development. PHPUnit allows developers to write and execute unit tests, which are crucial for ensuring the stability, reliability, and maintainability of PHP applications. Unit tests are designed to verify that individual units of code, such as functions or methods, behave as expected.

Search your access logs for POST requests to eval-stdin.php.

How to Fix the Vulnerability (CVE-2017-9841)

If you are affected, you must take immediate action.

1. Update PHPUnit (Preferred)

Because CVE-2017-9841 is heavily targeted by automated botnets, an exposed file has very likely already been probed, so a log search should assume hits exist rather than confirm their absence.
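To make the log search above concrete, here is an added example (not from the original page) of a small PHP CLI scanner run over constructed combined-format access log lines. It matches on the file name rather than a fixed vendor path, because scanners also try other directory names and casings, and it flags a POST that received a 200 as a request whose body was very likely evaluated. The function names, constants and sample lines are this example's own.

```php
<?php
// Added example, not part of the original page: scan a combined-format
// access log for requests that touched eval-stdin.php and summarise them
// per client address. Function names and the sample lines are constructed.

declare(strict_types=1);

// Constructed sample lines (Apache/Nginx combined log format). Addresses
// are from the documentation ranges.
const SAMPLE_LOG = <<<'LOG'
203.0.113.7 - - [12/Mar/2024:03:14:07 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 0 "-" "Mozilla/5.0 zgrab/0.x"
203.0.113.7 - - [12/Mar/2024:03:14:09 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 27 "-" "Mozilla/5.0 zgrab/0.x"
198.51.100.23 - - [12/Mar/2024:04:01:55 +0000] "POST /vendor/phpunit/phpunit/src/util/php/eval-stdin.php HTTP/1.1" 404 196 "-" "python-requests/2.31"
192.0.2.88 - - [12/Mar/2024:04:02:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:04:02:11 +0000] "POST /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 27 "-" "python-requests/2.31"
LOG;

// Combined log format: client, ident, user, [timestamp], "METHOD path proto", status, ...
const LINE_RE = '/^(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) /';

/**
 * Return one hit per request whose path ends in eval-stdin.php (optionally
 * followed by a query string). Case-insensitive on purpose: scanners vary
 * the casing of Util/PHP and try alternate vendor directories.
 */
function findEvalStdinHits(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        if (!preg_match(LINE_RE, $line, $m)) {
            continue; // not a parseable access-log line
        }
        if (!preg_match('#/eval-stdin\.php(?:\?|$)#i', $m['path'])) {
            continue;
        }
        $status = (int) $m['status'];
        $hits[] = [
            'ip'       => $m['ip'],
            'time'     => $m['ts'],
            'method'   => $m['method'],
            'path'     => $m['path'],
            'status'   => $status,
            // A POST answered with 200 means the file existed and the body
            // was handed to eval(); treat it as probable code execution.
            'executed' => $m['method'] === 'POST' && $status === 200,
        ];
    }
    return $hits;
}

/** Group hits by client: total requests, probable executions, distinct paths. */
function summarizeByClient(array $hits): array
{
    $summary = [];
    foreach ($hits as $h) {
        $summary[$h['ip']] ??= ['requests' => 0, 'executed' => 0, 'paths' => []];
        $summary[$h['ip']]['requests']++;
        if ($h['executed']) {
            $summary[$h['ip']]['executed']++;
        }
        $summary[$h['ip']]['paths'][$h['path']] = true;
    }
    return $summary;
}

$hits = findEvalStdinHits(SAMPLE_LOG);
foreach ($hits as $h) {
    printf("%s %-4s %d %s%s\n", $h['time'], $h['method'], $h['status'], $h['path'],
        $h['executed'] ? '  <-- probable execution' : '');
}
echo PHP_EOL;
foreach (summarizeByClient($hits) as $ip => $s) {
    printf("%-15s requests=%d probable-executions=%d paths=%s\n",
        $ip, $s['requests'], $s['executed'], implode(',', array_keys($s['paths'])));
}
```

On the constructed input this reports four hits and two clients, each with one probable execution: 203.0.113.7 got a 200 on its POST to the standard vendor path, and 198.51.100.23, after a 404 on a lowercased path, got a 200 under /lib/. To run it against a real file, replace SAMPLE_LOG with `file_get_contents('/var/log/apache2/access.log')` or stream the file line by line; the 404 entries are still worth keeping, since they show who is scanning even when the file is not present.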

PHPUnit is a popular testing framework for PHP applications. The vulnerability lies in the eval-stdin.php file, which was historically shipped in PHPUnit's src/Util/PHP directory to let the test runner execute code supplied on standard input (stdin).