echo '<?php echo 2+2; ?>' | php vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php # Output: 4
If you own the server:
You can add PHPUnit as a local, per-project, development-time dependency to your project using Composer: ➜ wget -O phpunit https:/ A Beginner's Guide to PHPUnit | BrowserStack echo '<
This file gained significant attention in late 2017 / early 2018: ?php echo 2+2
Even if you are using a newer version of PHPUnit, the file might still exist in your directory if you originally installed a vulnerable version and upgraded incorrectly. echo '<
If an attacker finds:
php vendor/bin/phpunit --bootstrap <(echo '...') or piping code into a helper that runs that code inside PHPUnit’s runtime.