As seen in ...
For more information on PHPUnit, Composer, and PHP development, consider the following resources:
<?php // ... evaluates whatever is passed to Standard Input (STDIN) ... eval('?>' . file_get_contents('php://stdin')); ?> index of vendor phpunit phpunit src util php eval-stdin.php
<Directory "/path/to/project/vendor"> Require all denied </Directory> For more information on PHPUnit, Composer, and PHP
// Programmatically running tests $suite = new \PHPUnit\Framework\StaticTestSuite(MyTestClassTest::class); $result = new Result(); $runner = new \PHPUnit\Runner\TestRunner($suite, $result); $runner->run(); For more information on PHPUnit
If you've seen the string in your server logs or search results, you are looking at evidence of a highly critical security vulnerability. This path is the calling card for CVE-2017-9841 , a Remote Code Execution (RCE) flaw in PHPUnit that remains one of the most scanned-for vulnerabilities by automated botnets today. What is the PHPUnit eval-stdin.php Vulnerability?
As seen in ...