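PoC details: daaca5996a400f64bed0daf4d775c744d6257622

Source
Related vulnerability
Title: Laravel Argument Injection Vulnerability (CVE-2024-52301)
Description: Laravel is a web application framework from the Laravel community. Laravel has an argument injection vulnerability. An attacker can exploit this vulnerability to call any URL using a specially crafted query string.
Description
A bit of research around CVE-2024-52301
Introduction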
# CVE-2024-52301-Research
A bit of research around CVE-2024-52301. I've seen the vuln and wanted to find out how Laravel is vulnerable. For this, I just diffed the 6.20.44 and 6.20.45 versions, and traced how GET parameters could end up changing the application configuration.

I've written about this on X and BlueSky:
- https://x.com/0xntrm/status/1857504510609965206
- https://bsky.app/profile/ntrm.bsky.social/post/3laz4tkds2k2m

# Contents

This repo contains a simple Docker Compose file and some PHP:
- phpinfo.php, to check whether `register_argc_argv` is on or off
- exploit.php, which contains the relevant methods from Laravel version 6, stripped of dependencies and unnecessary stuff

# Run the thing

```bash
docker-compose up -d

curl 'localhost:8000/exploit.php?--env=development'
```
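The mechanism traced above, as an added illustration that is not code from this repository or from Laravel: with `register_argc_argv` on, a web SAPI fills `$_SERVER['argv']` from the query string, so an environment detector that trusts `argv` can be steered by a GET request. The function names are hypothetical, the `$_SERVER` arrays are constructed samples, and the hardened variant shows one way to guard the lookup (in real code the SAPI name would come from `PHP_SAPI`).

```php
<?php
declare(strict_types=1);

// Illustrative only: hypothetical helper names, not Laravel's code.

/** Return the value of an --env argument in $args, or null if absent. */
function env_from_args(array $args): ?string
{
    foreach ($args as $i => $arg) {
        if ($arg === '--env') {
            return $args[$i + 1] ?? null;      // form: --env development
        }
        if (strncmp($arg, '--env=', 6) === 0) {
            return substr($arg, 6);            // form: --env=development
        }
    }
    return null;
}

/** Unsafe: trusts argv no matter how the script was started. */
function detect_env_unsafe(array $server, string $default): string
{
    return env_from_args($server['argv'] ?? []) ?? $default;
}

/** Hardened: argv is honoured only under a command-line SAPI. */
function detect_env_hardened(array $server, string $sapi, string $default): string
{
    $isCli = in_array($sapi, ['cli', 'phpdbg'], true);
    $args  = $isCli ? ($server['argv'] ?? []) : [];
    return env_from_args($args) ?? $default;
}

// Constructed sample: $_SERVER as seen for the request in the README
// when register_argc_argv is On under a web SAPI.
$web = ['argc' => 1, 'argv' => ['--env=development']];
// Constructed sample: $_SERVER for a genuine command-line invocation.
$cli = ['argc' => 2, 'argv' => ['artisan', '--env=testing']];

var_dump(detect_env_unsafe($web, 'production'));               // query string wins
var_dump(detect_env_hardened($web, 'fpm-fcgi', 'production')); // default is kept
var_dump(detect_env_hardened($cli, 'cli', 'production'));      // CLI flag still works
```

Check `register_argc_argv` through the web SAPI, which is what phpinfo.php is for: the `php` command-line binary always enables it, so its output does not reflect the web configuration.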

# Sources
- https://www.cert.at/de/warnungen/2024/11/kritische-sicherheitslucke-in-laravel-framework-updates-verfugbar
- https://securityonline.info/critical-laravel-flaw-cve-2024-52301-exposes-millions-of-web-applications-to-attack/
File snapshot

```
[4.0K] /data/pocs/daaca5996a400f64bed0daf4d775c744d6257622
├── [4.0K] app
│   ├── [1.1K] exploit.php
│   └── [  17] phpinfo.php
├── [ 320] docker-compose.yml
└── [1.0K] README.md

1 directory, 4 files
```