PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
PoC: phpunit-brute
Tool to try multiple paths for PHPunit RCE CVE-2017-9841
PoC: laravel-phpunit-rce-masscaner
Masscanner for Laravel phpunit RCE CVE-2017-9841
PoC: CVE-2017-9841
A Tool for scanning CVE-2017-9841 with multithread
PoC: PHPUnit_eval-stdin_RCE
(CVE-2017-9841) PHPUnit_eval-stdin_php Remote Code Execution
PoC: CVE-2017-9841-
CVE-2017-9841
PoC: CVE-2017-9841-PHPUnit-Remote-Code-Execution-RCE-PoC
CVE-2017-9841 is a Remote Code Execution (RCE) vulnerability in the PHPUnit library affecting versions prior to 5.6.3 and 6.x prior to 6.4.2.
PoC: CVE-2017-9841
Laravel-RCE: CVE-2017-9841
PoC: PHPUnit-GoScan
🛡️ Scan for vulnerable PHPUnit endpoints quickly with this fast, multithreaded tool, ensuring your applications stay secure against CVE-2017-9841.
PoC: CVE-2017-9841
PHP Unit 4.8.28 - Remote Code Execution (exploiter)
PoC: PHPUnit-GoScan
PHPUnit CVE-2017-9841 Scanner in Go clean and fire.
PoC: CVE-2017-9841-EXPLOIT
A PoC exploit for CVE-2017-9841 - PHPUnit Remote Code Execution(RCE)
PoC: Argus
"Argus" is a security tool designed to scan a list of websites for a known vulnerability in the PHPUnit framework, specifically the CVE-2017-9841 vulnerability. The tool attempts to exploit this vulnerability to verify its existence.
PoC: CVE-2017-9841
PHPUnit RCE
PoC: PHPunit-Exploit
PHPunit Checker CVE-2017-9841 By MrMad
PoC: eval-stdin
Automated Exploit for CVE-2017-9841 (eval-stdin.php vulnerable file)
PoC: cve-2017-9841
RCE from phpunit 5.6.2
PoC: CVE-2017-9841
CVE-2017-9841批量扫描及利用脚本。PHPUnit是其中的一个基于PHP的测试框架。 PHPUnit 4.8.28之前的版本和5.6.3之前的5.x版本中的Util/PHP/eval-stdin.php文件存在安全漏洞。远程攻击者可通过发送以‘<?php’字符串开头的HTTP POST数据利用该漏洞执行任意PHP代码。
PoC: CVE-2017-9841
phpunit-shell | CVE_2017-9841
PoC: CVE-2017-9841
RCE exploit for PHP Unit 5.6.2
PoC: CVE-2017-9841
CVE-2017-9841 detector script
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free