nuclei-templates/cves/2021/CVE-2021-3129.yaml

id: CVE-2021-3129

info:
  name: LARAVEL <= V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
  author: z3bd
  severity: critical
  description: Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
  reference: https://www.ambionics.io/blog/laravel-debug-rce
  tags: cve,cve2021,laravel,rce

  # Note:- This is detection template, use the referenced article for detailed exploit.

requests:
  - raw:
      - |
        POST /_ignition/execute-solution HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: deflate
        Accept: application/json
        Connection: close
        Content-Length: 144
        Content-Type: application/json

        {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "test", "viewFile": "/etc/passwd"}}

    matchers:
      - type: word
        words:
          - "failed to open stream: Permission denied"
Adding CVE-2021-3129 2021-02-27 12:56:57 +00:00			`id: CVE-2021-3129`

			`info:`
misc updates 2021-03-03 06:28:28 +00:00			`name: LARAVEL <= V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION`
Adding CVE-2021-3129 2021-02-27 12:56:57 +00:00			`author: z3bd`
			`severity: critical`
misc updates 2021-03-03 06:28:28 +00:00			`description: Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.`
Update CVE-2021-3129.yaml 2021-02-27 13:00:16 +00:00			`reference: https://www.ambionics.io/blog/laravel-debug-rce`
Adding CVE-2021-3129 2021-02-27 12:56:57 +00:00			`tags: cve,cve2021,laravel,rce`

Update CVE-2021-3129.yaml 2021-02-27 18:26:53 +00:00			`# Note:- This is detection template, use the referenced article for detailed exploit.`

Adding CVE-2021-3129 2021-02-27 12:56:57 +00:00			`requests:`
improved matcher 2021-02-27 18:24:39 +00:00			`- raw:`
			`- \|`
			`POST /_ignition/execute-solution HTTP/1.1`
			`Host: {{Hostname}}`
			`Accept-Encoding: deflate`
			`Accept: application/json`
			`Connection: close`
			`Content-Length: 144`
			`Content-Type: application/json`

			`{"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "test", "viewFile": "/etc/passwd"}}`
Adding CVE-2021-3129 2021-02-27 12:56:57 +00:00
			`matchers:`
			`- type: word`
			`words:`
improved matcher 2021-02-27 18:24:39 +00:00			`- "failed to open stream: Permission denied"`