PHP Laravel Framework token Unserialize Remote Command Execution

Disclosed
Aug 7, 2018

Description

This module exploits a vulnerability in the PHP Laravel Framework, versions 5.5.40 and 5.6.x.
Remote Command Execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to
an insecure unserialize() call in the decrypt method of Illuminate/Encryption/Encrypter.php.
Authentication is not required; however, exploitation requires knowledge of the Laravel APP_KEY.
Based on the code fix, similar vulnerabilities appear to exist within Laravel cookie tokens.
In some cases the APP_KEY is leaked, which allows for discovery and exploitation.
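As an added defensive example (not part of this module or of Laravel), the Ruby below decrypts an incoming X-XSRF-TOKEN header with the application's own APP_KEY and flags values whose plaintext is a serialized PHP object rather than a CSRF token, without ever unserializing it. It reconstructs Laravel's base64(JSON{iv, value, mac}) payload layout; the APP_KEY and tokens are constructed, and the 40-character token shape is an assumption.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed APP_KEY in Laravel's "base64:" format; not a real key.
APP_KEY = "base64:#{Base64.strict_encode64(OpenSSL::Random.random_bytes(32))}"

def laravel_key(app_key)
  Base64.strict_decode64(app_key.sub(/\Abase64:/, ''))
end

def secure_equal?(a, b) # constant-time comparison for the MAC check
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |r, (x, y)| r | (x ^ y) }.zero?
end

# Build a Laravel 5.x-style payload, base64(JSON{iv, value, mac}), purely to construct
# offline test inputs. Mirrors the documented format; it is not Laravel's own code.
def laravel_encrypt(plaintext, app_key)
  key = laravel_key(app_key)
  enc = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  enc.key = key
  iv_b64 = Base64.strict_encode64(enc.random_iv)
  value = Base64.strict_encode64(enc.update(plaintext) + enc.final)
  mac = OpenSSL::HMAC.hexdigest('sha256', key, iv_b64 + value)
  Base64.strict_encode64({ iv: iv_b64, value: value, mac: mac }.to_json)
end

# Verify the MAC and decrypt WITHOUT unserializing; the plaintext is only inspected.
# Returns nil for malformed input, a bad MAC or the wrong key.
def laravel_decrypt(token, app_key)
  key = laravel_key(app_key)
  payload = JSON.parse(Base64.strict_decode64(token))
  return nil unless payload.is_a?(Hash)
  iv_b64, value, mac = payload.values_at('iv', 'value', 'mac')
  return nil unless [iv_b64, value, mac].all?(String)
  return nil unless secure_equal?(OpenSSL::HMAC.hexdigest('sha256', key, iv_b64 + value), mac)
  dec = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  dec.key = key
  dec.iv = Base64.strict_decode64(iv_b64)
  dec.update(Base64.strict_decode64(value)) + dec.final
rescue StandardError # bad base64/JSON, wrong IV length, padding failure
  nil
end

# Assumption: a genuine token decrypts to a 40-char alphanumeric string, bare or in PHP's
# serialized-string form s:40:"...";. A serialized PHP object (O:<n>:"Class") in this
# header is the shape of the module's payload and should raise an alert.
def classify_xsrf_token(token, app_key)
  plain = laravel_decrypt(token, app_key)
  return :invalid if plain.nil?
  return :legitimate if plain.match?(/\A(?:[A-Za-z0-9]{40}|s:40:"[A-Za-z0-9]{40}";)\z/)
  return :serialized_object if plain.match?(/\AO:\d+:"/)
  :suspicious
end
```

Run the classifier over captured X-XSRF-TOKEN header values from access logs or a reverse proxy; any `:serialized_object` result means someone holding a valid APP_KEY is sending gadget payloads, and the key should be rotated.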