@jaygooby
Last active May 4, 2017 06:04
<?php
// Check if your WordPress install is vulnerable to
// https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
//
// After you've saved this to your docroot/wp-content folder, you can call
// curl -sH "Host: vulnerable" http://example.com/wp-content/vars.php | grep SERVER_NAME | grep vulnerable
// where example.com is your actual WordPress domain.
//
// If you see nothing, you're fine; you're either running nginx or the patched version of WordPress.
// If you see [SERVER_NAME] => vulnerable, then you should patch ASAP
//
// See this thread for details on how Apache's UseCanonicalName
// might also help: https://twitter.com/FiLiS/status/859865482215784448
//
// Delete the vars.php file once you know either way!
//
// @jaygooby on Twitter
print_r($_SERVER);
?>
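
A narrower form of the same check, as an added example that is not part of the original gist: it reports only how SERVER_NAME relates to the Host header instead of printing the whole `$_SERVER` array. The file name `hostcheck.php`, the `$expected` value and the `bare_host()` helper are assumptions made for this example; call it with the same `curl -sH "Host: vulnerable" ...` request described above.

```php
<?php
// Added example, not from the original gist. Hypothetical file name: hostcheck.php
// Reports whether SERVER_NAME is taken from the client-supplied Host header,
// without exposing the rest of $_SERVER.

// ASSUMPTION: set this to the hostname the site is meant to answer as.
$expected = 'example.com';

// Hypothetical helper: lower-case the value and drop a trailing :port
// so that "Example.com:8080" and "example.com" compare equal.
function bare_host($value) {
    $value = strtolower(trim((string) $value));
    return preg_replace('/:\d+$/', '', $value);
}

$serverName = isset($_SERVER['SERVER_NAME']) ? bare_host($_SERVER['SERVER_NAME']) : '';
$hostHeader = isset($_SERVER['HTTP_HOST'])   ? bare_host($_SERVER['HTTP_HOST'])   : '';
$expected   = bare_host($expected);

header('Content-Type: text/plain; charset=utf-8');

if ($hostHeader === $expected) {
    // A request using the real hostname cannot tell the two cases apart.
    echo "inconclusive: send a Host header other than the expected name\n";
} elseif ($serverName === $expected) {
    // The server substituted its configured name for the one the client sent.
    echo "ok: SERVER_NAME is the configured name, not the Host header\n";
} elseif ($serverName !== '' && $serverName === $hostHeader) {
    // Same condition the original check greps for: [SERVER_NAME] => vulnerable
    echo "vulnerable: SERVER_NAME follows the Host header\n";
} else {
    echo "unknown: SERVER_NAME matches neither value; check the server configuration\n";
}
```

As with vars.php, delete the file once you have the answer.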