How to use CVE-2017-9841
#1
Hello,gays.

I see the following code on the website

PHP Code:
<?php

eval('?>' . file_get_contents('php://stdin'));

I don't know how to make use of it
Ask everyone to help!!
Reply
#2
(05-04-2018, 07:25 AM)Ah dry Wrote: Hello,gays.

I'm not lesbian nor gay but NP

The piece of code you're trying to use is related to PHPUnit, and here you can find info on the vulnerability.

CVE Wrote:Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

Maybe some additional details on what you're doing may help.
Reply
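For defenders, the request pattern named in the CVE description above can be looked for in web server access logs. The following is an added example, not part of the original thread: it assumes Combined Log Format, and the function names, severity labels and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD uri PROTO" status size ...
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')
# Tail of the URI in the CVE text; also matches copies outside /vendor (assumption).
TARGET = re.compile(r"/util/php/eval-stdin\.php$", re.I)

def classify(line):
    """Return a finding dict for requests to eval-stdin.php, else None."""
    m = LINE.match(line)
    if not m:
        return None
    # Drop the query string, decode %xx escapes, collapse repeated slashes.
    path = re.sub(r"/+", "/", unquote(m["uri"].split("?", 1)[0]))
    if not TARGET.search(path):
        return None
    status = int(m["status"])
    if m["method"] == "POST" and 200 <= status < 300:
        severity = "critical"  # a POST body reached an existing script
    elif 200 <= status < 300:
        severity = "exposed"   # script is reachable from outside
    else:
        severity = "probe"     # scanner traffic; file absent or blocked
    return {"ip": m["ip"], "time": m["time"], "path": path,
            "status": status, "severity": severity}

def triage(lines):
    """Group findings by severity."""
    out = defaultdict(list)
    for line in lines:
        finding = classify(line)
        if finding:
            out[finding["severity"]].append(finding)
    return dict(out)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [04/May/2018:07:25:01 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 31',
    '198.51.100.23 - - [04/May/2018:07:26:10 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 0',
    '198.51.100.23 - - [04/May/2018:07:26:12 +0000] "POST /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 162',
    '203.0.113.7 - - [04/May/2018:07:28:40 +0000] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval%2Dstdin.php?x=1 HTTP/1.1" 200 31',
    '192.0.2.10 - - [04/May/2018:07:27:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print({sev: len(items) for sev, items in triage(SAMPLE).items()})
```

A "critical" hit only shows that a POST was answered by an existing script; whether code ran depends on the installed PHPUnit version, so follow up by checking the version and removing external access to /vendor.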
#3
(05-04-2018, 11:47 AM)overfl0wN Wrote:
(05-04-2018, 07:25 AM)Ah dry Wrote: Hello,gays.

I'm not lesbian nor gay but NP

The piece of code you're trying to use is related to PHPUnit, and here you can find info on the vulnerability.

CVE Wrote:Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

Maybe some additional details on what you're doing may help.

Oh, thank you very much for your help.

Bye, guy.
Reply
#4
I posted a link ---> https://www.cvedetails.com/cve/CVE-2017-9841/ that should explain all that you need to know about this CVE.
Try Googling "CVE-2017-9841" and you will find a lot of useful information, maybe some code that uses the exploit or Metasploit's module.
Reply