Laravel framework remote code execution (RCE)



PoC:

Laravel framework PHPUnit RCE

Vulnerable point:
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

site.com/vendor/phpunit/phpunit/src/Util/PHP/yourshell.php shell access
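
A defender-side check for the exposure named above, as an added example that is not part of the original page: it searches the directory a web server actually serves for `eval-stdin.php` and flags a document root that looks like the Laravel project root instead of `public/`. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a web document root for the PHPUnit file named above.
# Usage: audit_docroot /path/the/webserver/serves

PHPUNIT_REL='phpunit/phpunit/src/Util/PHP/eval-stdin.php'

# Print every copy of eval-stdin.php reachable below the document root.
# -L follows symlinks, so a vendor/ directory linked into the docroot is found.
find_exposed() {
    find -L "$1" -type f -path "*/$PHPUNIT_REL" 2>/dev/null
}

# Return 0 when nothing is exposed, 1 when the file sits inside the docroot.
audit_docroot() {
    docroot=$1
    hits=$(find_exposed "$docroot")
    if [ -z "$hits" ]; then
        echo "OK: no eval-stdin.php below $docroot"
        return 0
    fi
    echo "EXPOSED: served tree contains:"
    echo "$hits" | sed 's/^/  /'
    # Laravel's project root holds artisan; the server should point at public/.
    if [ -f "$docroot/artisan" ] && [ -d "$docroot/public" ]; then
        echo "Hint: docroot looks like the project root; serve $docroot/public instead"
    fi
    return 1
}

# Constructed sample tree (not a real installation) so the check runs offline.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/public" "$root/vendor/phpunit/phpunit/src/Util/PHP"
    : > "$root/artisan"
    : > "$root/public/index.php"
    : > "$root/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
    echo "$root"
}

sample=$(make_sample)
audit_docroot "$sample" || true          # project root served: EXPOSED
audit_docroot "$sample/public" || true   # public/ served: OK
rm -rf "$sample"
```

Run it against the path configured as the server's document root; a non-zero return means the file is inside the served tree and should be removed from production or placed outside it.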

Vulnerable fix patch info:

This tutorial is for educational purposes only.

Source: https://svdpch.org/

10 thoughts on “Laravel framework remote code execution (rce)”

  1. How does that work when the webserver only presents the public folder of Laravel (like it's the idea, I guess)? The vendor folder is not accessible via the webserver for my installations, so how would that work? I tried /../ of course, but nginx is too strict for this. However, this would be an admin problem, not one of Laravel's; how do you see that?
