CVE-2017-9841 PoC — PHPUnit Security Vulnerability

Source
Associated Vulnerability
Title: PHPUnit Security Vulnerability (CVE-2017-9841)
Description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
Description
A PoC exploit for CVE-2017-9841 - PHPUnit Remote Code Execution (RCE)
Readme
# CVE-2017-9841 - PHPUnit Remote Code Execution (RCE)

This vulnerability affects PHPUnit versions before 4.8.28 and all 5.x versions before 5.6.3. It allows attackers to execute arbitrary PHP code on servers where PHPUnit is exposed. The issue exists in the `eval-stdin.php` file located in PHPUnit's Util/PHP directory. When this file is accessible (typically when the /vendor folder is exposed), attackers can send malicious HTTP POST requests containing PHP code starting with `<?php ` to execute arbitrary commands on the server.

## Impact
- Remote code execution on vulnerable servers
- Full server compromise if PHPUnit is exposed
- Particularly dangerous when /vendor directories are publicly accessible

## Affected Versions
- PHPUnit 4.x before 4.8.28
- PHPUnit 5.x before 5.6.3

## Solution
- Upgrade PHPUnit to version 4.8.28 or 5.6.3 (or later)
- Ensure /vendor directories are not publicly accessible
- Remove or restrict access to eval-stdin.php if upgrade isn't immediately possible
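
To check whether the exposed file has already been requested, the following log-triage sketch flags hits on the `eval-stdin.php` URI named in the CVE description. It is an added example, not part of the original README or the PoC; the combined access-log format, the verdict labels, and the sample log lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path suffix taken from the CVE description, lower-cased for comparison.
TARGET_SUFFIX = "/src/util/php/eval-stdin.php"

# Apache/nginx "combined" log format (assumed; adjust for your server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return (client_ip, verdict) for a request to eval-stdin.php, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode percent-encoding, collapse repeated slashes.
    path = unquote(m["target"].split("?", 1)[0]).lower()
    path = re.sub(r"/{2,}", "/", path)
    if not path.endswith(TARGET_SUFFIX):
        return None
    status = int(m["status"])
    if m["method"] == "POST" and 200 <= status < 300:
        verdict = "investigate"    # script reachable and a POST body was accepted
    elif status in (403, 404, 410):
        verdict = "probe-blocked"  # request was refused or the file is absent
    else:
        verdict = "exposed"        # file answered, so /vendor is web-accessible
    return m["ip"], verdict

def triage(lines):
    """Classify every line and keep only the eval-stdin.php hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample input, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:04:11:02 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.23 - - [10/Mar/2024:04:12:40 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.50 - - [10/Mar/2024:04:13:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2024:04:14:19 +0000] "POST /app//vendor/phpunit/phpunit/src/Util/PHP/eval%2Dstdin.php?x=1 HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG):
        print(f"{ip}\t{verdict}")
```

An `investigate` verdict only shows that the script accepted a POST; the access log does not record the request body, so confirm impact from other host evidence.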

## References
- [CVE-2017-9841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9841)
File Snapshot

[4.0K] /data/pocs/2b4481b33371f6614b742ca61a430188d70e46ac
├── [3.0K] CVE-2017-9841.go
└── [1.1K] README.md

0 directories, 2 files