mirror of
https://github.com/0xMarcio/cve.git
synced 2026-04-12 00:58:33 +02:00
4.8 KiB
4.8 KiB
CVE-2017-9841
Description
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
POC
Reference
- http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/
- https://www.oracle.com/security-alerts/cpuoct2021.html
Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0xIceKing/dfcf_def_atk_2024
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ArrestX/--POC
- https://github.com/CLincat/vulcat
- https://github.com/Chocapikk/CVE-2017-9841
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Emmanucodes/network-traffic-analysis
- https://github.com/Habibullah1101/PHPUnit-GoScan
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Jhonsonwannaa/CVE-2017-9841-
- https://github.com/Jhonsonwannaa/Jhonsonwannaa
- https://github.com/K3ysTr0K3R/CVE-2017-9841-EXPLOIT
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/MadExploits/PHPunit-Exploit
- https://github.com/Mariam-kabu/cybersec-labs
- https://github.com/Michael-Meade/snackhack2
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/MrG3P5/CVE-2017-9841
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/Pwdnx1337/CVE-2017-9841
- https://github.com/RandomRobbieBF/phpunit-brute
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Sohrabian/special-cyber-security-topic
- https://github.com/Threekiii/Awesome-POC
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/Yucaerin/laravel
- https://github.com/Z0fhack/Goby_POC
- https://github.com/akmalovaa/crowdsec-blocklist
- https://github.com/akr3ch/CVE-2017-9841
- https://github.com/cyberharsh/Php-unit-CVE-2017-9841
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/ddrimus/http-threat-blocklist
- https://github.com/dial25sd/arf-vulnerable-vm
- https://github.com/drcrypterdotru/BurnWP-Framework
- https://github.com/drcrypterdotru/PHPUnit-GoScan
- https://github.com/dream434/CVE-2017-9841
- https://github.com/dream434/CVE-2017-9841-
- https://github.com/dream434/dream434
- https://github.com/duggytuxy/Data-Shield_IPv4_Blocklist
- https://github.com/duggytuxy/Intelligence_IPv4_Blocklist
- https://github.com/giorgimakasarashvili/WEB-PEN-CVE
- https://github.com/iamthefrogy/BountyHound
- https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
- https://github.com/incogbyte/laravel-phpunit-rce-masscaner
- https://github.com/itshanson/Malware-Dev
- https://github.com/jax7sec/CVE-2017-9841
- https://github.com/joelindra/Argus
- https://github.com/leoambrus/CheckersNomisec
- https://github.com/ludy-dev/PHPUnit_eval-stdin_RCE
- https://github.com/mSOC-io/webtraffic-reference
- https://github.com/manhhungvn/dfcd2024
- https://github.com/marvinoon/P1BG3-ExploitScan
- https://github.com/mbrasile/CVE-2017-9841
- https://github.com/merlinepedra/nuclei-templates
- https://github.com/merlinepedra25/nuclei-templates
- https://github.com/mileticluka1/eval-stdin
- https://github.com/moonwayy/hindicybersec
- https://github.com/n0-traces/cve_monitor
- https://github.com/namurice/webpen2
- https://github.com/nholuongut/secure-a-linux-server
- https://github.com/p1ckzi/CVE-2017-9841
- https://github.com/purwocode/burning-wp
- https://github.com/rodnt/laravel-phpunit-rce-masscaner
- https://github.com/savior-only/javafx_tools
- https://github.com/shanyuhe/YesPoc
- https://github.com/silit77889/memek-loncat
- https://github.com/sobinge/nuclei-templates
- https://github.com/soriesesay1/SOC_Home_Lab
- https://github.com/unp4ck/laravel-phpunit-rce-masscaner
- https://github.com/veo/vscan
- https://github.com/vinhjaxt/dfcd-2024
- https://github.com/warriordog/little-log-scan
- https://github.com/warung-madura/cse
- https://github.com/yamori/pm2_logs
- https://github.com/ynsta/traefik-waf-example
- https://github.com/yoloskr/CVE-2017-9841-Scan
- https://github.com/zapalm/prestashop-security-vulnerability-checker
- https://github.com/zulloper/cve-poc