作者CMJ0121 (不要偷 Q)
看板NetSecurity
標題[0Day] Laravel CVE-2018-15133
時間Thu Dec 13 12:47:34 2018
====================================================================
== Subject:
Laravel RCE with APP_KEY leaked
== CVE ID#:
CVE-2018-15133
== Versions:
Laravel 5.6.29 application on PHP 7.2.10
== Summary:
Laravel CVE-2018-15133
https://github.com/kozmic/laravel-poc-CVE-2018-15133
This repository contains a simple Laravel 5.6.29 application on PHP 7.2.10
with one basic noop route added in routes/web.php (see Dockerfile) and Proof
of Concept exploit (cve-2018-15133.php) for CVE-2018-15133 that should
successfully exploit the Laravel application and execute uname -a on the
target system.
====================================================================
看起來有一些人晚上又不睡覺了
--
※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 106.1.224.240
※ 文章網址: https://webptt.com/m.aspx?n=bbs/NetSecurity/M.1544676458.A.4FC.html
1F:推 nini200: 哈哈 12/18 02:40