CVE-2018-15133 PoC — Laravel Framework Security Vulnerability

Source
Associated Vulnerability
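Title: Laravel Framework Security Vulnerability (CVE-2018-15133)
Description: Laravel framework is a PHP-based web application development framework developed by software developer Taylor Otwell. A security vulnerability exists in Laravel framework 5.5.40 and earlier versions and in versions 5.6.x through 5.6.29. A remote attacker can exploit this vulnerability to execute code by means of the application's key.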
Description
Exploit for Laravel Remote Code Execution with API_KEY (CVE-2018-15133)
Readme
# Laravel exploit for CVE-2018-15133

This code exploits [CVE-2018-15133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15133) and it is based on [kozmic's PoC](https://github.com/kozmic/laravel-poc-CVE-2018-15133) and [Metasploit's exploit](https://www.exploit-db.com/exploits/47129) for this vulnerability. I pretty much just did this for a box in [Hack The Box](https://www.hackthebox.eu/), because I did not want to use Metasploit at the moment and as an excuse for practicing Python.

From the CVE's Description:

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
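A log-triage check for the X-XSRF-TOKEN value named in the CVE description, as an added example that is not part of the original README or of Laravel. It assumes Laravel's encrypted-value envelope (base64-encoded JSON with `iv`, `value` and `mac` fields) and that a genuine token's ciphertext is 64 bytes; all function and constant names are hypothetical and the sample tokens are constructed.

```python
import base64
import binascii
import json
from urllib.parse import unquote

# Assumption: a genuine token is the 40-character CSRF string serialized as
# s:40:"..."; (48 bytes), which AES-CBC with PKCS#7 padding grows to 64 bytes.
EXPECTED_CIPHERTEXT_LEN = 64


def classify_xsrf_token(header_value, expected_len=EXPECTED_CIPHERTEXT_LEN):
    """Classify a logged X-XSRF-TOKEN value without needing the app key."""
    try:
        envelope = json.loads(base64.b64decode(unquote(header_value), validate=True))
        iv = base64.b64decode(envelope["iv"], validate=True)
        ciphertext = base64.b64decode(envelope["value"], validate=True)
        mac = bytes.fromhex(envelope["mac"])
    except (binascii.Error, ValueError, KeyError, TypeError):
        return "malformed"
    if len(iv) != 16 or len(mac) != 32 or not ciphertext or len(ciphertext) % 16:
        return "malformed"
    # The plaintext is unreadable without the key, but its padded length is not:
    # a serialized object graph does not fit in the space of a 40-character string.
    return "oversized" if len(ciphertext) > expected_len else "expected-size"


def constructed_token(ciphertext_len):
    """Build a constructed, zero-filled sample envelope (not a real token)."""
    body = {
        "iv": base64.b64encode(bytes(16)).decode(),
        "value": base64.b64encode(bytes(ciphertext_len)).decode(),
        "mac": "0" * 64,
    }
    return base64.b64encode(json.dumps(body).encode()).decode()


SAMPLES = {  # constructed header values, as they might appear in a request log
    "browser-token": constructed_token(64),
    "large-token": constructed_token(512),
    "garbage": "not-base64!!",
}


def triage(samples=SAMPLES):
    return {name: classify_xsrf_token(value) for name, value in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name}: {verdict}")
```

An "oversized" verdict is a reason to look at the request, not proof of exploitation; the lasting fix is upgrading past the affected versions and rotating any application key that may have been exposed.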

Install dependencies:

```
pip install -r requirements.txt
```

### Usage

```
usage: pwn_laravel.py [-h] [-c COMMAND] [-m {1,2,3,4}] [-i] URL API_KEY
```

![Demo](pwn.png)

## IMPORTANT

This code was created for educational use, not for anything illegal. Whatever you do, it's your own responsibility.

### References

* [kozmic's PoC in PHP](https://github.com/kozmic/laravel-poc-CVE-2018-15133)
* [Metasploit exploit in Ruby](https://www.exploit-db.com/exploits/47129)
* [Pull request of fix by Laravel](https://github.com/laravel/framework/pull/25121/commits/d84cf988ed5d4661a4bf1fdcb08f5073835083a0)
* [CVE-2018-15133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15133)
File Snapshot

```
[4.0K] /data/pocs/feda8771e9438377102505046935630ba0cb785f
├── [4.8K] pwn_laravel.py
├── [240K] pwn.png
├── [1.7K] README.md
└── [ 126] requirements.txt

0 directories, 4 files
```