The Critical Legacy: Understanding and Fixing the PHPUnit eval-stdin.php RCE (CVE-2017-9841)
This vulnerability is included in the Metasploit Framework (exploit/multi/http/phpunit_eval_stdin), making exploitation trivial for unskilled attackers.
request containing arbitrary PHP code to that URL. The server will then execute that code with the same permissions as the web server [1, 3].

How to Mitigate It

If you are managing a project where this file exists:

Restrict Access: Ensure your
curl -s -X POST http://target.com/path/to/eval-stdin.php -d "<?php echo 'test'; ?>" | grep test
via web server configuration.
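A detection check that follows from the description above, as an added example (not from the original page or the PHPUnit project): it scans web server access logs for requests to eval-stdin.php and reports whether the server served the file or refused it. The Combined Log Format, the verdict labels and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Match the file name at the end of the path, ignoring case and query strings.
TARGET_RE = re.compile(r'/eval-stdin\.php(?:$|[?#])', re.IGNORECASE)

def classify(status):
    """Map the response status to what it means for the defender."""
    if 200 <= status < 300:
        return "REACHABLE"   # file was served: treat as possible code execution
    if status in (401, 403, 404):
        return "BLOCKED"     # access restriction or file removal is working
    return "REVIEW"          # redirects, 5xx and the rest need a manual look

def find_probes(lines):
    """Return {client_ip: [(time, method, path, verdict), ...]} for eval-stdin.php requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not TARGET_RE.search(m["path"]):
            continue
        verdict = classify(int(m["status"]))
        hits[m["ip"]].append((m["time"], m["method"], m["path"], verdict))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2024:04:12:01 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 4 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Mar/2024:04:12:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Mar/2024:05:30:44 +0000] "POST /app/vendor/phpunit/phpunit/src/Util/PHP/Eval-Stdin.php?x=1 HTTP/1.1" 403 153 "-" "-"',
    '203.0.113.9 - - [10/Mar/2024:05:30:45 +0000] "GET /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_probes(SAMPLE_LOG).items():
        for time, method, path, verdict in events:
            print(f"{verdict:9} {ip} {method} {path} [{time}]")
```

Any REACHABLE verdict means the file was answered over HTTP and the host should be investigated; BLOCKED entries show scanning that the access restriction or file removal stopped.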