Jump to content
Nytro

CVE-2021-3129 - Laravel debug RCE

Recommended Posts

CVE-2021-3129

Laravel debug rce

食用方法

执行docker-compse up -d启动环境

访问8888端口后点击首页面的generate key就可以复现了

关于docker环境想说的几点:

  • 把.env.example复制到.env作用是开启debug环境
  • 关闭了php.ini的phar.readonly
  • 在resources/view/里添加了一个hello模板并引用了一个未定义变量,同时在routes/web.php添加路由(这个我加在源码里了,没写dockerfile里)

复现效果

复现效果

脚本已放出,脚本要和phpggc项目文件夹在同一级目录下。
通用性不强(至少打我自己的环境可以),大家可自行把phpggc的其它rce链也加进去,提高通杀能力。

参考资源

https://www.ambionics.io/blog/laravel-debug-rce
https://xz.aliyun.com/t/9030#toc-3
https://blog.csdn.net/csdn_Pade/article/details/112974809

 

Sursa: https://github.com/SNCKER/CVE-2021-3129

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...