Index Of: Vendor Phpunit Phpunit Src Util Php Evalstdinphp

The vulnerability exists because EvalStdin.php accepts input from the HTTP request body (standard input) and executes it without authentication or authorization checks.

To secure a system containing this file, immediate action is required.

An attacker can send a crafted HTTP POST request to the specific URL of the file. The body of the POST request contains the PHP code the attacker wishes to execute.

Example Attack Request:

POST /vendor/phpunit/phpunit/src/Util/PHP/EvalStdin.php HTTP/1.1
Host: targetsite.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 23

<?php system('id'); ?>

In this scenario:

Nginx Configuration Example:

# Block all web access to the vendor directory
location ~ /vendor/ {
    deny all;
    return 404;
}

Apache Configuration (.htaccess):

<IfModule mod_rewrite.c>
    # RewriteRule has no effect unless the rewrite engine is enabled
    RewriteEngine On
    RewriteRule ^vendor/.*$ - [F,L]
</IfModule>
...