CVE-2021-3129 PoC — Facade Ignition for Laravel 授权问题漏洞

Source

Associated Vulnerability

Description

CVE-2021-3129 | Laravel Debug Mode Vulnerability

Readme

# CVE-2021-3129
Mass Scan Tools For Laravel <= V8.4.2 Debug Mode Remote Code Execution (RCE) | Python

## Reference

 - [Ambionics.io](https://www.ambionics.io/blog/laravel-debug-rce)
 - [PHPGCC](https://github.com/ambionics/phpggc.git)




## Chain PHPGCC

- Laravel/RCE1
- Laravel/RCE2
- Laravel/RCE3
- Laravel/RCE4
- Laravel/RCE5
- Laravel/RCE6
- Laravel/RCE7
- Monolog/RCE1
- Monolog/RCE2
- Monolog/RCE3
- Monolog/RCE4


## Environment Variables

In order to run this project, you need to ensure some variables.

Request With Verify SSL :

`confVerify = True or False`

Write Log : 

`confDebug = True or False`

Write Log : 

`confDebug = True or False`

File Snapshot

 [4.0K]  /data/pocs/70ad5c654aed3f7d8cb6a867f97a82d6636a4a31
├── [4.3K]  laravelrce.py
├── [4.0K]  phpggc
└── [ 660]  README.md

1 directory, 2 files

Remarks