Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added Laravel PHP exploit module with fixes. #12062

Merged
merged 9 commits into from Jul 12, 2019

Conversation

@aushack
Copy link
Contributor

aushack commented Jul 7, 2019

Messed up a few things last time and fixed formatting etc. Hopefully okay this time. Tested fresh and working for docker image and a pentest engagement.

This module exploits an unauthenticated vulnerability that allows for PHP object deserialization and command execution.

Verification Steps

  • ./msfconsole -q
  • use exploits/unix/http/laravel_token_unserialize_exec
  • set rhosts <rhost>
  • set app_key <app_key>
  • exploit
@aushack aushack changed the title Added Lavarel PHP exploit module with fixes. Added Laravel PHP exploit module with fixes. Jul 7, 2019
@aushack

This comment has been minimized.

Copy link
Contributor Author

aushack commented Jul 7, 2019

.. and always get the name spelling wrong lol.

@bcoles bcoles added docs module labels Jul 7, 2019
aushack added 4 commits Jul 7, 2019
@jrobles-r7 jrobles-r7 self-assigned this Jul 10, 2019
jrobles-r7 added 4 commits Jul 11, 2019
@jrobles-r7 jrobles-r7 merged commit 30d7c94 into rapid7:master Jul 12, 2019
3 checks passed
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
jrobles-r7 added a commit that referenced this pull request Jul 12, 2019
msjenkins-r7 added a commit that referenced this pull request Jul 12, 2019
@jrobles-r7

This comment has been minimized.

Copy link
Contributor

jrobles-r7 commented Jul 12, 2019

Release Notes

A module that targets CVE-2018-15133 is now available. It exploits an unserialize call in Laravel Framework to execute commands. If an APP_KEY is not provided the module checks for CVE-2017-16894 to retrieve the APP_KEY.

@tdoan-r7 tdoan-r7 added the rn-modules label Jul 24, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.