Phintraco Sekuritas is a securities company and a member of the Indonesia Stock Exchange that provides securities brokerage and underwriting services. Phintraco Sekuritas has earned 8 MURI Records and has a wide network in Indonesia, with Branch Offices and Investment Galleries spread from Aceh to Papua.
The Institutional Brokerage division is ready to serve companies or institutions interested in investing.
Phintraco Sekuritas also offers Investment Banking services that can help meet your company's needs.
Section 7: Best practices for PHPUnit deployment – never expose the vendor directory publicly, keep PHPUnit as a dev dependency, and remove it from production.
echo "<?php echo 'Hello World!';" | phpunit --eval-stdin
PHPUnit versions before 4.8.28 and 5.x before 5.6.3 are vulnerable.
Let’s break down what this means and why it matters for web application security.
PHPUnit is a development tool and should never be deployed to a live production server.
The server executes the PHP code, giving the attacker control.
3. Why is This Still a Problem in 2026?
When they find an exposed endpoint, they send a POST request containing malicious PHP code in the request body. Because the file reads from standard input (php://stdin), it executes the payload immediately. This grants the attacker full control over the web server application.
Consequences of an Exploitation
Ensure your vendor folder is NOT inside your public web root (e.g., public_html or www). It should be one level above.
Compromised servers are often used for cryptojacking, sending spam, or building botnets.
Mitigation and Recommended Actions
Once the exact URI path is confirmed (e.g., https://example.com), the attacker sends an unauthenticated HTTP POST request. A typical payload targeting the server looks like this:
This article explores the vulnerability, how it works, why it is still targeted, and how to protect your server.
1. What is eval-stdin.php?
: This maps out the exact directory structure inside older versions of the PHPUnit testing package.
POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
This flaw has a CVSS score of 9.8 (Critical), as it allows for full server compromise, data theft, and the installation of malware or ransomware.
Why This Happens in Production
PHPUnit is a popular framework used by developers to run automated tests on PHP code. During development, it uses a file named eval-stdin.php to receive PHP code via standard input (stdin) and execute it.
This omits PHPUnit and other dev dependencies. The vendor/phpunit directory won’t even exist.
Understanding "Index of /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" and How to Secure Your Server
On June 19-21, 2025, Phintraco Sekuritas continued to participate in the Sharia Investment Week (SIW) event held by the Indonesia Stock Exchange (IDX).
The IDX, along with the Indonesian Clearing House of Guarantors (KPEI) and the Indonesian Central Depository and Settlement Institution (KSEI), supported by the Financial Services Authority (OJK), regularly organizes SIW to help the Indonesian people learn more about the Sharia Capital Market. Annually, SIW is attended by members of the Sharia Online Trading System (AB SOTS), with Phintraco Sekuritas being one of them.
During the 3-day SIW 2025 event, customers and prospective customers can attend in person at the IDX Main Hall or online via the SIW website at https://siw.idx.co.id/. The high enthusiasm of customers and prospective customers has made the Phintraco Sekuritas booth at SIW 2025 always crowded with visitors seeking information about sharia investment, both offline and online. Prospective customers who open an account at Phintraco Sekuritas will receive a free RDN worth IDR 25,000 exclusively during SIW 2025.
After opening a sharia account, new customers are entitled to take part in a dart game with various attractive prizes. Customers who reach a certain score can get snacks, prayer mats, and even exclusive tumblers. As a result, the presence of Phintraco Sekuritas at SIW 2025 is always eagerly awaited by customers and prospective customers.
Source: Company Documentation
Although SIW 2025 has ended, Phintraco Sekuritas is ready to participate in the next SIW with a variety of exciting activities and the newest information. Stay tuned for SIW 2026 on the IDX or Phintraco Sekuritas social media accounts at @phintracosekuritasofficial.
Writer: Yundira Putri Rahmadianti
Editor: Salsabila Wardhani
From June 19 to 21, 2025, Phintraco Sekuritas once again took part in the Sharia Investment Week (SIW) event held by the Indonesia Stock Exchange (BEI).
Held regularly by BEI in cooperation with Kliring Penjamin Efek Indonesia (KPEI) and Kustodian Sentral Efek Indonesia (KSEI), with the support of the Financial Services Authority (OJK), SIW aims to broaden Sharia Capital Market literacy among the Indonesian public. Each year SIW is therefore attended by Sharia Online Trading System Exchange Members (AB SOTS), and Phintraco Sekuritas is one of them.
At SIW 2025, which ran for 3 days, customers and prospective customers could attend in person at the BEI Main Hall or online through the SIW website at https://siw.idx.co.id/. The high enthusiasm of customers and prospective customers kept the Phintraco Sekuritas booth at SIW 2025 busy with visitors seeking information about sharia investment, both in person and online. Prospective customers who open an account at Phintraco Sekuritas will receive a free RDN gift worth Rp25,000, exclusively during SIW 2025.
Then, after opening a sharia account, new customers are entitled to take part in a dart game with a variety of attractive prizes. On reaching a certain score, customers can receive snacks, prayer mats, and even exclusive tumblers. As a result, the presence of Phintraco Sekuritas at SIW 2025 was awaited every day by customers and prospective customers.
Although SIW 2025 has ended, Phintraco Sekuritas is ready to take part in the next SIW with more exciting activities and the latest information. Look out for SIW 2026 on the social media accounts of BEI or of Phintraco Sekuritas at @phintracosekuritasofficial.
Writer: Yundira Putri Rahmadianti
Editor: Dhira Parama Yuga