CVE-2021-3129 update desc & reference
zan8in committed 2 years ago
9c809af9 (1 parent: 65fc0c78)
Total 1 files
afrog-pocs/g-CVE/2021/CVE-2021-3129.yaml
skipped 3 lines
4
4
name: LARAVEL <= V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
5
5
author: Jarcis-cy(https://github.com/Jarcis-cy)
6
6
severity: critical
7
+
description: |
8
+
在 Debug 模式下,Laravel 内置的 Ignition 功能某些接口未严格过滤输入数据,导致 file_get_contents() 和 file_put_contents() 函数使用不安全,从而使攻击者能够使用恶意日志文件引起 phar 反序列化攻击,远程执行代码并最终获得服务器权限。
9
+
reference:
10
+
- https://www.anquanke.com/post/id/231459
7
11
8
12
set:
9
13
r: randomLowercase(12)
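Review bot: the added `reference:` list holds a single third-party write-up (the anquanke.com post), so someone triaging a hit from this PoC has no authoritative record to check the affected range against; add the CVE record for CVE-2021-3129 next to it. The new `description:` also leaves out the `<= V8.4.2` bound that `name:` states and says nothing about remediation. A closing line on upgrading past the affected version and turning debug mode off would let the finding stand on its own in a report. Since `name:` is in English and the description is only in Chinese, an English sentence alongside it would keep the two fields searchable together.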
skipped 21 lines