CVE-2017-9841 PoC — PHPUnit Security Vulnerability

Source
Associated Vulnerability
Title: PHPUnit Security Vulnerability (CVE-2017-9841)
Description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
Description
PHPUnit RCE
Readme
## **VulnerabilityScanner for PHPUnit RCE**

A specialized vulnerability scanner developed to identify and interactively exploit the Remote Code Execution (RCE) vulnerability in PHPUnit's `eval-stdin.php`. This vulnerability affects PHPUnit versions before 4.8.28 and 5.x before 5.6.3 and allows remote attackers to execute arbitrary PHP code via HTTP POST data.

### **Description of the Vulnerability:**

The `Util/PHP/eval-stdin.php` file in PHPUnit, in versions prior to 4.8.28 and 5.x before 5.6.3, has a vulnerability allowing remote attackers to execute arbitrary PHP code. An attacker can exploit this by sending HTTP POST data starting with a `<?php` substring. This poses a significant threat to sites with an exposed `/vendor` directory, giving external access to the `/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php` URI.
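
For defenders, the affected version range and the exposed URI described above translate directly into two checks. The following is an added example, not part of this repository's `exploit.py`: it tests a PHPUnit version string against the affected ranges and flags requests for `eval-stdin.php` in Combined Log Format access logs. The function names, the `probe`/`investigate` labels, and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: client, identd, user, [timestamp], "request line", status, ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Tail of the URI named in the advisory, lower-cased for comparison.
TARGET = "/src/util/php/eval-stdin.php"

def is_affected(version):
    """True for PHPUnit before 4.8.28, or 5.x before 5.6.3 (ranges from the advisory)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    v = tuple(map(int, m.groups()))
    return v < (4, 8, 28) or (5, 0, 0) <= v < (5, 6, 3)

def find_requests(lines):
    """Return (client, method, status, verdict) for each request that hits eval-stdin.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, raw_path, status = m.groups()
        # Drop the query string, then percent-decode so encoded variants still match.
        path = unquote(raw_path.split("?", 1)[0]).lower()
        if not path.endswith(TARGET):
            continue
        # Assumed triage heuristic: a POST answered with 200 means the file is
        # reachable and accepted a body, so that host needs investigation.
        verdict = "investigate" if method == "POST" and status == "200" else "probe"
        hits.append((client, method, int(status), verdict))
    return hits

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "-"',
    '198.51.100.7 - - [12/Mar/2024:10:01:06 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval%2Dstdin.php HTTP/1.1" 200 32 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_requests(SAMPLE_LOG):
        print(hit)
    for ver in ("4.8.27", "4.8.28", "5.6.2", "5.6.3"):
        print(ver, "affected" if is_affected(ver) else "not affected")
```
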

### **Features:**

- Mass scanning sourced from a list of URLs.
- Interactive shell mode for single target exploitation.
- Efficient scanning with multi-threading.
- Neat and color-coded console outputs using `rich`.
- Export feature for vulnerable URLs.

### **Installation:**

Ensure you have the required Python packages installed:

```bash
pip install -r requirements.txt
```

### **Usage:**

- Conduct a mass scan using a list of URLs, and output vulnerable ones:
```bash
python exploit.py -f path_to_file_with_urls.txt -o output_vulnerable_urls.txt
```

- Interact with a specific URL using the shell:
```bash
python exploit.py -u target_url
```

### **Arguments:**

- `-f, --file`: Provide a list of base URLs for scanning from a file.
- `-u, --url`: Enter the target URL for interactive shell mode.
- `-o, --output`: Designate a file to store detected vulnerable URLs.
- `-t, --threads`: Specify the number of threads. Defaults to `10`.

### **Disclaimer:**

This tool is intended solely for educational and defensive purposes. Always obtain proper permissions before scanning or exploiting any system. The developer is not responsible for misuse or any potential damages.
File Snapshot

```
[4.0K] /data/pocs/3275b608f17f938faedf361205222602f22bf8dd
├── [4.7K] exploit.py
├── [2.0K] README.md
└── [  92] requirements.txt

0 directories, 3 files
```