A Vulnerable and Exploitable version of UniShare Project, built with Laravel 8.
This project was originally built as the final task for the Software Testing and Web Programming course, but I set it up to test CVE-2021-3129. It is therefore an archive of a Laravel 8 application that is vulnerable to RCE.
CVE-2021-3129: in early 2021, Laravel had a vulnerability that allowed attackers to trigger Remote Code Execution by leveraging unsafe usage of PHP. The severity of this vulnerability is CRITICAL (9.8 out of 10), which is above the HIGH severity level and is of course very dangerous.
In general, this is similar to Log Poisoning, which leads to Remote Code Execution and lets an attacker gain control of the system and expose the entire infrastructure.
This project uses Laravel version 8.83.27, so in order to run it you need to install these requirements:
- PHP version 7.3 or 7.4 (tested on 7.3).
- Latest version of Composer (tested on Composer v2.6.5)
- Ignition v2.5.1
- Simply run the following command and Composer will set everything up for you:
  composer install
- Type this command:
  composer require facade/ignition==2.5.1
- When it's done, run the project by typing:
  php artisan serve --port 8001
- Done.