Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-9841 PoC — PHPUnit 安全漏洞

Source
https://github.com/RandomRobbieBF/phpunit-brute
Associated Vulnerability
Title:PHPUnit 安全漏洞 (CVE-2017-9841)
Description:Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
Description
Tool to try multiple paths for PHPunit RCE CVE-2017-9841
Readme
# phpunit-brute

Tool to try multiple paths for PHPunit RCE (CVE-2017-9841) and it will log found paths to found.txt in the dir.

It uses the following list of paths `https://raw.githubusercontent.com/random-robbie/bruteforce-lists/master/phpunit.txt`

if you have a path that is not on there please submit a PR


```
usage: phpunit-brute.py [-h] -u URL [-p PROXY]
phpunit-brute.py: error: the following arguments are required: -u/--url
```


Example
---

```
python3 phpunit-brute.py -u http://someoldwebsite.com


[-] No Luck for /_inc/vendor/stripe/stripe-php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /_staff/cron/php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /_staff/php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /~champiot/Laravel E2N test/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /~champiot/Laravel%20E2N%20test/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /~champiot/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /172410101040/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /1board/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /20170811125232/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[+] Found RCE for http://someoldwebsite.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [+]
```
File Snapshot

 [4.0K]  /data/pocs/a01add6962ba9760208d382ffa51c0d04b8a180f
├── [2.6K]  phpunit-brute.py
└── [1.4K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →