ludy-dev/PHPUnit_eval-stdin_RCE.
Access logs show errors for "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" when using Nginx without PHP.
lib/phpunit/phpunit/Util/PHP/eval-stdin.php Not Found
Vendor and your public files should be in separate directories and only the files which handle your web requests exposed. Also STDIN works for fetching raw HTTP requests. In CLI mode it fetches the command input, in CGI mode it fetches the body of the request and concurrent streams.
PHPUnit is a PHP test framework for programmers. Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, such as an attack on a site (i.e., one reachable externally) that has...
It basically allows you to include the userspice PHP file and then control access to a certain PHP page. As I have seen some spikes in my log management about 404 requests, I was getting curious and decided to look at the Apache logs directly.
If so, then all versions of PHPUnit that contain eval-stdin.php may be affected. Keep in mind that you may be unknowingly using a vulnerable module, developed by third parties with the PHPUnit framework, without removing it before publishing to production.
CVE-2017-9841 Detail. Description. Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e...
/public_html/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php. I checked the file content, and it appears to be ok