Index of /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: why this path is a hot target


Disable directory listing: ensure the autoindex directive is set to off in the nginx server block that serves the site, so a request for a directory returns 403 instead of a file list.

Change the web root: point the document root at the application's public directory (for example public/) rather than at the project checkout, so that vendor/ sits outside the web root and can never be served, whatever the listing setting.

If you cannot change the structure, configure your web server to block access to the vendor directory entirely. For nginx:

location ~ /vendor/.*\.php$ {
    deny all;
}

This is a regex location, and nginx uses the first regex location that matches in configuration order, so it must appear before the general "location ~ \.php$" block that hands scripts to PHP-FPM; placed after it, the deny never runs. An equivalent rule can be written for Apache in .htaccess.
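The weak and the corrected configuration side by side, as an added example that is not part of the original page. The server name is the one used in the request on this page; the paths /var/www/app, /var/www/app/public and the PHP-FPM socket /run/php/php-fpm.sock are assumptions.

```nginx
# Weak: the document root is the whole project checkout, listings are on,
# and the regex PHP location happily passes vendor/**/*.php to PHP-FPM.
server {
    listen 80;
    server_name target-website.com;
    root /var/www/app;                 # assumed checkout that contains vendor/
    autoindex on;
    index index.php;

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

# Hardened: the root is public/, so vendor/ is outside the web root; listings
# are off; and vendor/ is refused anyway in case the root is moved later.
server {
    listen 80;
    server_name target-website.com;
    root /var/www/app/public;
    autoindex off;
    index index.php;

    # "^~" is a prefix match that wins over every regex location regardless
    # of order, so this cannot be shadowed by the PHP block below.
    location ^~ /vendor/ {
        deny all;
    }

    location ~ \.php$ {
        try_files $uri =404;           # never hand a non-existent script to FPM
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
```

The prefix form "location ^~ /vendor/" is preferred over the regex form from the page because it does not depend on where it sits relative to other locations and it also blocks non-PHP files in vendor/ (which can still leak dependency versions through composer metadata).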

The attack itself is a single request. The attacker POSTs the PHP they want executed as the request body:

POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
Host: target-website.com
Content-Type: text/plain

The body of the request is PHP source; eval-stdin.php reads it and passes it to eval(), so the code runs with the privileges of the PHP process. No authentication, session or token is involved.
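A post-remediation check that sends the request above from the outside and confirms that neither the listing nor eval-stdin.php is reachable, as an added example that is not part of the original page. The probe body is the PHP on the page in harmless form: it only prints sha1('phpunit-probe'), and that digest cannot appear in a response unless a PHP engine actually ran the body (a server that merely echoes the request back would return the source, not the digest). The two stand-in hosts on 127.0.0.1 are constructed for the demonstration; the "vulnerable" one answers the way an exploitable host would, it does not run PHP.

```python
"""Check whether an exposed PHPUnit eval-stdin.php still executes POSTed PHP."""
import hashlib
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

EVAL_STDIN = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
LISTING = "/vendor/phpunit/"

# Marker derived from a secret: only an engine that evaluated the body can
# produce it, so echoing the request back cannot cause a false positive.
SECRET = "phpunit-probe"
EXPECTED = hashlib.sha1(SECRET.encode()).hexdigest()
PAYLOAD = f"<?php echo sha1('{SECRET}'); ?>".encode()


def _fetch(url, data=None):
    """Return (status, body); 4xx/5xx are results here, not errors."""
    req = urllib.request.Request(url, data=data, method="POST" if data else "GET")
    if data:
        req.add_header("Content-Type", "text/plain")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode(errors="replace")


def probe(base_url):
    """Test directory listing and eval-stdin.php on base_url (no trailing slash)."""
    list_status, list_body = _fetch(base_url + LISTING)
    eval_status, eval_body = _fetch(base_url + EVAL_STDIN, PAYLOAD)
    return {
        "listing_exposed": list_status == 200 and "Index of" in list_body,
        "eval_stdin_status": eval_status,
        "eval_stdin_executes": EXPECTED in eval_body,
    }


class _FakeHost(BaseHTTPRequestHandler):
    """Constructed stand-in. mode 'vulnerable' serves a listing and answers the
    probe the way eval() would; mode 'hardened' denies everything under /vendor/."""
    mode = "hardened"

    def _send(self, status, body):
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        if self.mode == "vulnerable" and self.path == LISTING:
            self._send(200, "<title>Index of /vendor/phpunit/</title>")
        else:
            self._send(403, "Forbidden")

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.mode == "vulnerable" and self.path == EVAL_STDIN:
            # A real host would eval() the body; the stand-in returns what
            # that eval would print for our exact payload.
            self._send(200, EXPECTED if body == PAYLOAD else "")
        else:
            self._send(403, "Forbidden")

    def log_message(self, *args):  # keep the demo quiet
        pass


def run_fake(mode):
    """Start a stand-in host on a free local port; returns (base_url, server)."""
    handler = type("Handler", (_FakeHost,), {"mode": mode})
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}", server


if __name__ == "__main__":
    for mode in ("vulnerable", "hardened"):
        url, srv = run_fake(mode)
        print(mode, probe(url))
        srv.shutdown()
```

Against a real host call probe("https://target-website.com") after deploying the configuration change; the only acceptable result is listing_exposed False and eval_stdin_executes False with a 403 or 404 status. A 200 with the raw PHP source echoed back (status 200, executes False) means the file is still being served as static text, which still discloses the PHPUnit version and should be fixed too.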

Attackers actively search the Internet for paths such as "index of /vendor/phpunit" precisely so they can quickly locate servers that expose the vendor directory with directory listing enabled. From there they find the eval-stdin.php entry point, which behaves like a backdoor, and with a carefully crafted HTTP POST request they can execute arbitrary PHP code on the target server.

eval-stdin.php takes its input directly from the HTTP request body and executes it with eval(). In PHPUnit before 4.8.28 and 5.x before 5.6.3 (CVE-2017-9841) the file reads php://input, which is the POST body; the fix changed it to php://stdin, which a web client cannot write to.

Why is this a "hot" target?

Attackers often combine two search techniques: a search-engine query for pages titled "Index of /vendor/phpunit", which only exist where directory listing is on and vendor/ sits inside the web root, followed by a direct request for the fixed path of eval-stdin.php. The first step touches nothing but the search engine's index; the second is a single unauthenticated POST. PHPUnit is a Composer dev dependency in a large share of PHP projects, the path never changes, and the payload is plain PHP, so the same request works everywhere the file is exposed.
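The two-stage pattern just described is easy to pick out of ordinary web server access logs. The detector below is an added example, not code from the original page; the six log lines are constructed for the demonstration and the finding names are the author's own.

```python
"""Flag PHPUnit eval-stdin.php reconnaissance and exploitation in access logs."""
import re
from collections import defaultdict

EVAL_STDIN = "eval-stdin.php"
VENDOR_PREFIX = "/vendor/"

# Combined Log Format: client, ident, user, [time], "METHOD PATH PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample traffic, not a real capture.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /vendor/phpunit/ HTTP/1.1" 200 1534 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:12:00:02 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/ HTTP/1.1" 200 912 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:12:00:03 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"
198.51.100.3 - - [10/May/2024:12:05:10 +0000] "GET /index.php?page=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [10/May/2024:12:06:00 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 162 "-" "curl/8.0"
198.51.100.9 - - [10/May/2024:12:06:01 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "curl/8.0"
"""


def parse_line(line):
    """Return a dict for one log line, or None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    # Drop the query string and fold case so /Vendor/ or ?x=1 cannot dodge the match.
    entry["path"] = entry["path"].split("?", 1)[0].lower()
    return entry


def classify(entry):
    """Map one parsed request to a finding name, or None for benign traffic."""
    path, method, status = entry["path"], entry["method"], entry["status"]
    if path.endswith(EVAL_STDIN):
        # 200 on a POST means the body was almost certainly handed to eval().
        if method == "POST" and status == 200:
            return "eval-stdin-rce"
        return "eval-stdin-probe"
    if path.startswith(VENDOR_PREFIX) and path.endswith("/") and status == 200:
        # A successful GET of a directory under /vendor/ means listings are on.
        return "vendor-listing"
    return None


def scan(log_text):
    """Return findings as (ip, finding, path) tuples in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        finding = classify(entry)
        if finding:
            findings.append((entry["ip"], finding, entry["path"]))
    return findings


def likely_compromised(findings):
    """IPs that enumerated /vendor/ and then got a 200 on a POST to eval-stdin.php."""
    seen = defaultdict(set)
    for ip, finding, _ in findings:
        seen[ip].add(finding)
    return sorted(ip for ip, kinds in seen.items()
                  if {"vendor-listing", "eval-stdin-rce"} <= kinds)


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for item in results:
        print(item)
    print("likely compromised by:", likely_compromised(results))
```

A 403 or 404 on the eval-stdin.php path is still worth alerting on as a probe: it tells you the host is on somebody's target list, and if the same source later shows up against a different application the blocking rule may not be in place there. Feed the detector a whole log file rather than the sample and the same functions apply unchanged.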

PHPUnit is a unit testing framework for PHP that lets you write and run tests for your code. It is a standard tool for checking that code works as expected, catching bugs early and preventing regressions: you write tests for individual units such as functions, methods and classes and run them to verify behaviour. Composer installs it under vendor/phpunit/, which is why the path in the title exists inside any deployed application that was shipped with its development dependencies.

The danger: when the file is reachable over the web it is a remote code execution (RCE) vulnerability. An attacker sends arbitrary PHP as a POST body and the server executes it with the privileges of the PHP process, typically the web server or PHP-FPM user, which is enough to read configuration files and database credentials, write a persistent web shell and pivot further.

The nginx directive that turns directory listing off (it belongs in the server or location block that serves the site):

autoindex off;

The file name reflects a legitimate purpose. PHPUnit can run a test in a separate PHP process, and eval-stdin.php is the small helper that evaluates the code it is handed in that child process. A test case (say a testEvalStdin() method in a test class) never calls this file itself; the test runner does, locally, with the input coming from the runner rather than from a web client. That is why the file is harmless on a developer's machine or a build server and dangerous only when the vendor directory is served over HTTP.