Security Analysis of /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

Component: PHPUnit
Severity: Critical (Remote Code Execution)
CVE Reference: CVE-2017-9841

The vulnerability, documented as CVE-2017-9841, stems from the fact that if this file is reachable through a web browser, it allows unauthenticated users to execute arbitrary PHP code on the server. Affected releases are PHPUnit before 4.8.28 and 5.x before 5.6.3. Search results for "index of /vendor/phpunit/phpunit/src/Util/PHP" exist because servers with directory indexing enabled advertise the file to anyone who looks.

Why eval-stdin.php exists

To understand the risk, you need to know why the file is there. PHPUnit uses it internally to execute PHP code in a separate process when running tests that require process isolation. The script reads input from php://stdin and passes it to eval(). It is a development/testing utility and was never intended to be served over HTTP.

The attack vector

The vulnerability occurs when a production website exposes its dependency directory (usually vendor/, managed by Composer) inside the web root. When PHP is driven by a web server rather than the command line, what the script reads from php://stdin is the body of the HTTP request, so an attacker can send a crafted HTTP POST request whose body is PHP source to this file and have it executed: run arbitrary commands, take control of the server, or install malware. No credentials are needed, and automated scanners request the path /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php directly, so a directory listing is not required for the file to be found.

The vulnerability is a key component in the arsenal of several botnets, including Androxgh0st. The Androxgh0st malware, highlighted in a joint advisory by the FBI and CISA, uses this exact vulnerability to compromise servers, steal sensitive credentials (such as AWS keys), and recruit them into a larger botnet for further malicious activity. An exposed eval-stdin.php file is often the first step in a multi-stage attack.

Checking whether you are exposed

To determine if your site is exposed, check for the presence of the file and confirm that your web server does not serve the vendor folder. From your project root:

    find vendor/ -name "eval-stdin.php"

If the file exists, check which PHPUnit version is installed (composer show phpunit/phpunit, or read vendor/composer/installed.json) and, from outside your network, request the path over HTTP. Anything other than a 403 or 404 means the file is reachable and the version decides whether it is exploitable.

Fixing it

Securing this requires a mix of dependency management and proper web server configuration.

1. Keep PHPUnit out of production. PHPUnit is a development tool and should never be deployed to a production environment. Ensure it is classified as a development dependency in your composer.json:

    "require-dev": {
        "phpunit/phpunit": "^9.0"
    }

and deploy with composer install --no-dev so that nothing listed under require-dev is installed on the live server.

2. Keep vendor/ outside the web root. Point the document root at a public/ subdirectory, as Laravel, Symfony and most modern frameworks do, so that vendor/ has no URL at all. This is the real fix; the rules below are defence in depth for layouts where vendor/ cannot be moved.

3. Deny access to vendor/ at the web server. For nginx:

    location ~ ^/vendor/ {
        deny all;
        return 404;
    }

nginx picks the first matching regex location in configuration order, so this block must appear before the location that hands .php requests to PHP-FPM, otherwise the PHP location wins and the rule never fires. (The return 404 runs before the access check, so deny all only takes effect if you remove the return; either way the request never reaches PHP.) For Apache, place a .htaccess file inside vendor/ containing Require all denied (Deny from all on Apache 2.2). A .htaccess file is only honoured when AllowOverride permits it, so prefer putting the same rule in the main server configuration.

4. Turn off directory indexing. Use Options -Indexes in Apache or autoindex off in nginx. Listings such as "Index of /vendor/phpunit/phpunit/src/Util/PHP" are how these servers end up in search-engine and Shodan results.

5. Update PHPUnit. If PHPUnit must remain installed, upgrade to 4.8.28, 5.6.3 or later. The fixed releases make eval-stdin.php exit unless it is running under the command-line SAPI, so an HTTP request to it executes nothing.

Never deploy your vendor folder blindly. Use composer install --no-dev for production. Remove PHPUnit from your live environment. And always, always turn off directory indexing. Your future self will thank you when your server isn't listed in Shodan as a victim of CVE-2017-9841.
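The find command above only tells you whether the file is on disk. The script below is an added example, not code from the original page or from the PHPUnit project, that turns the whole check into something you can run in CI: it locates eval-stdin.php in a checked-out tree, reads the installed PHPUnit version from Composer's installed.json, and compares it against the fix releases (4.8.28 for the 4.x line, 5.6.3 for 5.x). The function names and the status strings are my own; the version file layout (a list in Composer 1, a "packages" list in Composer 2) is what Composer writes.

```sh
#!/bin/sh
# Added example (not from the original page or from PHPUnit): offline audit of a
# project tree for CVE-2017-9841 exposure. Function names and output strings are
# invented for this example; 4.8.28 and 5.6.3 are PHPUnit's published fix releases.

# ver_ge A B: succeed when dotted numeric version A >= B. Uses POSIX sort keys so it
# works without GNU sort -V.
ver_ge() {
  lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
  [ "$lowest" = "$2" ]
}

# phpunit_fixed VERSION: succeed when that PHPUnit release contains the fix.
phpunit_fixed() {
  v=${1#v}
  case "${v%%.*}" in
    4) ver_ge "$v" 4.8.28 ;;
    5) ver_ge "$v" 5.6.3 ;;
    [6-9]|[1-9][0-9]) return 0 ;;   # 6.0 and later were released after the fix
    *) return 1 ;;                  # 3.x and older, or unparsable: treat as unfixed
  esac
}

# installed_phpunit_version ROOT: print the version Composer recorded for
# phpunit/phpunit in vendor/composer/installed.json (pretty-printed JSON, one key
# per line in both the Composer 1 list and the Composer 2 {"packages": [...]} form).
installed_phpunit_version() {
  f="$1/vendor/composer/installed.json"
  [ -f "$f" ] || return 1
  awk '/"name": *"phpunit\/phpunit"/ { hit = 1 }
       hit && /"version":/ { gsub(/[",]/, "", $2); print $2; exit }' "$f"
}

# audit_phpunit_tree ROOT: print one line and return a status:
#   clean                       (0) no eval-stdin.php shipped in the tree
#   exposed-unknown             (1) file present, version could not be determined
#   exposed-patched VERSION     (1) file present, but this release ignores HTTP requests
#   exposed-vulnerable VERSION  (2) file present and PHPUnit predates the fix
# "exposed-patched" still means the tree was installed without --no-dev.
audit_phpunit_tree() {
  root=$1
  hit=$(find "$root" -path '*/phpunit/src/Util/PHP/eval-stdin.php' 2>/dev/null | head -n1)
  if [ -z "$hit" ]; then
    echo clean
    return 0
  fi
  ver=$(installed_phpunit_version "$root")
  if [ -z "$ver" ]; then
    echo exposed-unknown
    return 1
  elif phpunit_fixed "$ver"; then
    echo "exposed-patched $ver"
    return 1
  else
    echo "exposed-vulnerable $ver"
    return 2
  fi
}

# probe_eval_stdin BASE_URL: live confirmation against a host you are authorised to
# test. Posts a harmless PHP expression; if the marker comes back, the server executed
# the request body. A 403/404 with no marker means the web server is blocking the path.
# Not used by the offline audit above.
probe_eval_stdin() {
  url="${1%/}/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
  tmp=$(mktemp)
  code=$(curl -s -m 10 -o "$tmp" -w '%{http_code}' -X POST \
         --data-binary '<?php echo "phpunit-rce-check-" . (6*7);' "$url")
  if grep -q 'phpunit-rce-check-42' "$tmp"; then
    echo "VULNERABLE ($code): $url executed the POST body"
  else
    echo "not executed ($code): $url"
  fi
  rm -f "$tmp"
}

# Usage: sh audit.sh /path/to/project   (exit status 2 = vulnerable, 1 = exposed, 0 = clean)
if [ $# -gt 0 ]; then
  audit_phpunit_tree "$1"
fi
```

Run it against the deployed tree, not the developer checkout: the point is to catch the case where composer install was run without --no-dev on the production host. The exit status is deliberately non-zero for "exposed-patched" as well, because a current PHPUnit in the web root is one downgrade or one future advisory away from being the same problem.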

About The Author

Janet Forbes

Janet Forbes (she/her) is a game developer, fantasy author, and (secretly) velociraptor, and has rolled dice since she was knee-high to an orc. In 2017 she co-founded World Anvil (https://www.worldanvil.com), the worldbuilding, writing and tabletop RPG platform which boasts a community of 1.5 million users. Janet was the primary author of The Dark Crystal RPG (2021) with the Henson Company and River Horse Games, and has also written for Kobold Press, Infinite Black and Tidebreaker. As a D&D performer she has played professionally for the likes of Wizards of the Coast, Modiphius and Wyrd Games, as well as being invited to moderate and speak on panels for GaryCon, TraCon, GenCon, Dragonmeet and more. Janet is also a fantasy author, and has published short fiction in several collections. You can shoot her a message @Janet_DB_Forbes on Twitter, and she’ll probably reply with rainbows and dinosaur emojis.
