🛡️ Why You Are Seeing This: The PHPUnit RCE Vulnerability (CVE-2017-9841)
The danger lies in the file's code. It contains a single but devastating command:
If the vendor/ directory is placed within the public web root (e.g., public_html/ or /var/www/html/) and the web server is configured to execute PHP files inside that directory, eval-stdin.php becomes publicly accessible via a URL.
How Attackers Exploit It
If you’re maintaining an old application that has PHPUnit in the web root, immediately take action:
DocumentRoot "/var/www/myapp/public"
<Directory "/var/www/myapp/public">
    Options -Indexes
    AllowOverride All
    Require all granted
</Directory>
Understanding vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: The RCE Risk
This exact vulnerability was tracked as CVE-2017-9841, affecting PHPUnit versions before 4.8.28, 5.x before 5.6.3, and 6.x before 6.4.0.
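One way to check a server for the condition described above, as an added example (not code from the original page or from PHPUnit): it walks a document root for any vendor/ tree that ships eval-stdin.php and compares the PHPUnit version recorded in Composer's vendor/composer/installed.json with the fixed releases this page lists. The function names and the result tuple layout are assumptions made for this example.

```python
import json
import os
import re
import sys

# Fixed releases as stated on this page, keyed by major version.
FIXED = {4: (4, 8, 28), 5: (5, 6, 3), 6: (6, 4, 0)}
EVAL_STDIN = os.path.join("phpunit", "phpunit", "src", "Util", "PHP", "eval-stdin.php")

def parse_version(text):
    """Turn 'v5.6.2' or '4.8.27' into (5, 6, 2); None if not numeric (e.g. dev-master)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    """Apply the page's ranges: before 4.8.28, 5.x before 5.6.3, 6.x before 6.4.0."""
    if version is None:
        return True  # unknown version: treat as affected until verified
    fixed = FIXED.get(max(version[0], 4))  # anything below 4.x is "before 4.8.28"
    return fixed is not None and version < fixed

def phpunit_version(vendor_dir):
    """Read the installed PHPUnit version from Composer's installed.json."""
    path = os.path.join(vendor_dir, "composer", "installed.json")
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return None
    # Composer 2 wraps the list in {"packages": [...]}; Composer 1 is a bare list.
    packages = data.get("packages", []) if isinstance(data, dict) else data
    for pkg in packages:
        if pkg.get("name") == "phpunit/phpunit":
            return parse_version(pkg.get("version"))
    return None

def audit_webroot(docroot):
    """Return (path, version, affected) for each eval-stdin.php found under docroot."""
    findings = []
    for dirpath, _, _ in os.walk(docroot):
        vendor = os.path.join(dirpath, "vendor")
        if os.path.isfile(os.path.join(vendor, EVAL_STDIN)):
            version = phpunit_version(vendor)
            findings.append((os.path.join(vendor, EVAL_STDIN), version, is_affected(version)))
    return findings

if __name__ == "__main__":
    for path, version, affected in audit_webroot(sys.argv[1]):
        print(path, version, "AFFECTED" if affected else "fixed release, still under web root")
```

Run it with the document root as the only argument; any hit means a vendor/ tree sits under the web root, whatever the version column says.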
If you discover this file on your production server, take the following mitigation steps immediately.
1. Update PHPUnit
Let’s illustrate the workflow:
The script reads the input, strips any opening <?php tags if present, and passes the raw code to eval(). The output is whatever the evaluated code produces.